decrease789 Apprentice
Joined: 25 Jun 2004 Posts: 194 Location: The United Krapdom
Posted: Sun Mar 27, 2005 3:00 pm Post subject: [solved]LDAP ldap_start_tls error |
I tried to manage my secure LDAP server using phpldapadmin and I got the following error:
Quote: | Error
Could not start TLS. Please check your LDAP server configuration. |
I then proceeded to try TLS using ldap search and got the following error:
Code: | root@mydomain ssl # ldapsearch -D "cn=Manager,dc=mydomain,dc=biz" -W -ZZ
ldap_start_tls: Operations error (1)
additional info: TLS already started |
I think I have set my LDAP server up correctly for TLS. For example, I changed my /etc/openldap/slapd.conf similar to this:
Code: | # Include the needed data schemes
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Use crypt to hash the passwords
password-hash {crypt}
# Define SSL and TLS properties (optional)
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
# Further down...
database ldbm
suffix "dc=mydomain,dc=biz"
rootdn "cn=Manager,dc=mydomain,dc=biz"
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
directory /var/lib/openldap-ldbm
index objectClass eq |
my /etc/openldap/ldap.conf to:
Code: | # Add the following...
BASE dc=mydomain, dc=com
URI ldaps://auth.mydomain.com:636/
TLS_REQCERT allow |
and my /etc/conf.d/slapd:
Code: | OPTS="-h 'ldaps:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" |
When I try
Code: | ldapsearch -D "cn=Manager,dc=mydomain,dc=com" -W |
it works fine.
So is this an LDAP TLS problem? Have I forgotten to set something up for TLS?
Last edited by decrease789 on Mon Mar 28, 2005 3:30 pm; edited 2 times in total |
decrease789 Apprentice
Joined: 25 Jun 2004 Posts: 194 Location: The United Krapdom
Posted: Sun Mar 27, 2005 4:05 pm Post subject: |
I solved it myself!!
The problem is related to this:
http://www.openldap.org/faq/data/cache/1063.html
If LDAP is set up to run over SSL, then there is no need to configure it in another program (such as phpldapadmin). All that needs mentioning is ldaps://auth.mydomain.com and the port. Switch TLS to false and it will work.
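Added example (not part of the original posts, and not code from OpenLDAP or phpldapadmin): a small Python check that reproduces the mismatch solved above from the settings quoted in the thread, where `start_tls=True` models `ldapsearch -ZZ` or a client's TLS switch. The function names and finding codes are hypothetical; the check also flags `TLS_REQCERT allow`, which per ldap.conf(5) lets a session proceed when the server presents a bad certificate.

```python
import shlex
from urllib.parse import urlparse

# Constructed sample input: the client and listener settings quoted in the thread.
LDAP_CONF = "BASE dc=mydomain, dc=com\nURI ldaps://auth.mydomain.com:636/\nTLS_REQCERT allow\n"
SLAPD_OPTS = "OPTS=\"-h 'ldaps:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'\""

def parse_ldap_conf(text):
    """Return {KEYWORD: value} for ldap.conf-style text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].upper()] = parts[1].strip()
    return conf

def listener_schemes(opts_line):
    """Extract the URL schemes slapd listens on from an OPTS="-h '...'" line."""
    value = shlex.split(opts_line)[0].partition("=")[2]
    args = shlex.split(value)
    # Without -h, slapd listens on ldap:/// only.
    urls = args[args.index("-h") + 1].split() if "-h" in args else ["ldap:///"]
    return {u.split("://")[0] for u in urls}

def check(conf, listeners, start_tls):
    """Return hypothetical finding codes for one client setup."""
    findings = []
    scheme = urlparse(conf.get("URI", "ldap://localhost").split()[0]).scheme
    if scheme == "ldaps" and start_tls:
        # TLS is negotiated at connect time on ldaps://, so a StartTLS
        # request on top of it fails with "TLS already started".
        findings.append("starttls-on-ldaps")
    if scheme == "ldap" and "ldap" not in listeners:
        findings.append("no-ldap-listener")  # StartTLS needs an ldap:// listener
    elif scheme == "ldap" and not start_tls:
        findings.append("cleartext-bind")    # bind credentials sent unencrypted
    if conf.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        # These levels let the session continue with a bad server certificate.
        findings.append("lax-reqcert")
    return findings

if __name__ == "__main__":
    conf, listeners = parse_ldap_conf(LDAP_CONF), listener_schemes(SLAPD_OPTS)
    for tls in (True, False):
        print("start_tls =", tls, "->", check(conf, listeners, tls))
```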
DrHogie n00b
Joined: 31 Jan 2003 Posts: 5
Posted: Thu Jul 07, 2005 8:15 pm Post subject: I love this man. |
I could kiss you right now.
Thanks to this hint, I finally have phpldapadmin working.
Now if I can just figure out what the hell to do with LDAP . . . . .
--DrH