Antw: Re: any working documentation?
>>> Dmitri Seletski <drjoms@gmail.com> wrote on 20.08.2019 at 18:39 in message
<8cb57eed-9577-6df9-2295-8958f04e7a15@gmail.com>:
> Thank you very much for your response Dave.
>
>
> As per second link, I was able to create working copy of LDAP server,
> that did not crash on me complaining about encryption.
>
> So I can recreate working environment. I am not seeking to be able to
> mindlessly copy someone's config files and start service as 'my own'.
>
> Can someone suggest PDF book(which I am willing to buy, even if it's
> expensive, eastern European paying money for digital property, I know,
> right?) or some other non DRM book?
>
> Something that will give me good insight on LDAP.
Years ago there was an IBM Redbook named "Understanding LDAP
Design and Implementation". Maybe it's still available. You could use that as a start.
Regards,
Ulrich
>
> Thank you in advance.
>
> Dmitri Seletski
>
> On 20/08/2019 13:32, Dave Macias wrote:
>> There are a lot of great tutorials out there too:
>> https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
>>
>> https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
>>
>>
>> I would say try them all, get a feel for it and install/configure it
>> for your needs.
>> Openldap is a great software with many really cool schemas to expand usage
>> https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html
>>
>> Have fun!
>>
>> On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <drjoms@gmail.com> wrote:
>>
>> Please ignore last message.
>>
>> Apparently I have 2 hands, but both are left hands.(freshly cloned
>> OS with no existing preinstall seemed to work fine and works even
>> after 'systemctl stop slapd ; systemctl start slapd')
>>
>> Can anyone suggest good book for administration of OpenLDAP on
>> Linux/CentOS. Ideally for kid 5 and up, with many pictures and
>> suitable for 'late bloomer'.
>>
>> Thanks!
>>
>> Dmitri
>>
>> -------- Forwarded Message --------
>> Subject: any working documentation?
>> Date: Mon, 19 Aug 2019 20:26:28 +0100
>> From: Dmitri Seletski <drjoms@gmail.com>
>> To: openldap-technical@openldap.org
>>
>>
>>
>> Hello.
>>
>>
>> I am new to the list, so if you gonna beat me with your feet -
>> please don't hit me in the face.
>>
>> I did not find help/user list. So post here.
>>
>> Where can I find working documentation for OpenLDAP?
>>
>> Most current i found:
>>
>> https://www.openldap.org/doc/admin24/quickstart.html
>>
>> It says nothing of TLS encryption. I fail to start service
>>
>> See output below:
>>
>>
>>
>> TLSMC: MozNSS compatibility interception begins.
>> tlsmc_intercept_initialization: INFO: entry options follow:
>> tlsmc_intercept_initialization: INFO: cacertdir =
>> `/etc/openldap/certs'
>> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
>> tlsmc_intercept_initialization: INFO: keyfile =
>> `/etc/openldap/certs/password'
>> tlsmc_convert: INFO: trying to open NSS DB with CACertDir =
>> `/etc/openldap/certs'.
>> tlsmc_open_nssdb: INFO: trying to initialize moznss using security
>> dir `/etc/openldap` prefix `certs`.
>> tlsmc_open_nssdb: WARN: could not initialize MozNSS context -
>> error -8015.
>> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM
>> configuration is present.
>> tlsmc_intercept_initialization: INFO: altered options follow:
>> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
>> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
>> tlsmc_intercept_initialization: INFO: keyfile =
>> `/etc/openldap/certs/password'
>> tlsmc_intercept_initialization: INFO: successfully intercepted TLS
>> initialization. Continuing with OpenSSL only.
>> TLSMC: MozNSS compatibility interception ends.
>> TLS: could not use certificate `OpenLDAP Server'.
>> TLS: error:02001002:system library:fopen:No such file or directory
>> bss_file.c:402
>> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
>> TLS: error:140AD002:SSL
>> routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
>> 5d5af51b main: TLS init def ctx failed: -1
>> 5d5af51b slapd destroy: freeing system resources.
>> 5d5af51b slapd stopped.
>> 5d5af51b connections_destroy: nothing to destroy.
>>
>>
>>
>> Where can I submit errata to documentation maintainer?(as quick
>> start clearly doesn't work in my default install of OpenLDAP on
>> CentOS 7)
>>
>> And how can I start SLAPD without encryption?
>>
>> I can generate self signed private/public key and make ln -s of my
>> CA cert folder to 'cacertdir = `/etc/openldap'', but this seems
>> SOOO unnecessary. At least on 'try out' step.
>>
>> Thanks in advance
>>
>> Dmitri
>>
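
In the quoted log, slapd fails because `certfile = 'OpenLDAP Server'` is handed to OpenSSL, which tries to open it as a file. A pre-flight check for that condition follows; it is an added example, not part of the original thread or of OpenLDAP, and the sample LDIF is constructed from the option values in the log, mapped to their OpenLDAP 2.4 `cn=config` attribute names.

```python
import os
import stat

# cn=config attributes that carry slapd's TLS material (OpenLDAP 2.4 names).
FILE_ATTRS = ("olcTLSCertificateFile", "olcTLSCertificateKeyFile", "olcTLSCACertificateFile")
DIR_ATTRS = ("olcTLSCACertificatePath",)


def parse_tls_attrs(ldif_text):
    """Return {attribute: value} for the plain-text olcTLS* lines of an LDIF entry."""
    attrs = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        # Base64 values ("name:: ...") and folded continuation lines are skipped.
        if sep and name.startswith("olcTLS") and not value.startswith(":"):
            attrs[name] = value.strip().strip('"')
    return attrs


def check_tls_attrs(attrs):
    """Return (attribute, problem) pairs; an empty list means every path checks out."""
    problems = []
    for name, value in attrs.items():
        if name in FILE_ATTRS:
            if not os.path.isabs(value):
                problems.append((name, "not an absolute file path (NSS nickname?)"))
            elif not os.path.isfile(value):
                problems.append((name, "file does not exist"))
            elif name == "olcTLSCertificateKeyFile" and stat.S_IMODE(os.stat(value).st_mode) & 0o077:
                problems.append((name, "private key readable by group/other"))
        elif name in DIR_ATTRS and not os.path.isdir(value):
            problems.append((name, "directory does not exist"))
    return problems


# Constructed sample mirroring the option values shown in the log above.
SAMPLE_LDIF = """\
dn: cn=config
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
"""

if __name__ == "__main__":
    for attr, problem in check_tls_attrs(parse_tls_attrs(SAMPLE_LDIF)):
        print(f"{attr}: {problem}")
```

Run against the real `cn=config` entry before restarting slapd, the same check also catches a private key that is readable by group or other.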