BioSLuDge Tux's lil' helper


Joined: 12 Jul 2004 Posts: 99 Location: Utah
Posted: Mon Dec 05, 2005 4:01 am Post subject: LDAP and TLS |
I have no idea what's wrong, but again I'm having another problem with LDAP. I don't know what the issue is; I keep having problems with LDAP, and I know that I'm on the stable portage branch. Is LDAP just a pain in the butt to get working?
Ok when I run
Code: | ldapsearch -D "cn=manager,dc=secure,dc=test,dc=org" -W |
with ldap://127.0.0.1 in /etc/openldap/ldap.conf I get this
Code: | Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1 |
However, if I change ldap://127.0.0.1 to ldaps://127.0.0.1 or ldaps://127.0.0.1:636 in /etc/openldap/ldap.conf I get the following
Code: | Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1) |
I have tried the Gentoo LDAP guide for getting TLS to work, and I have tried another guide on gentoo-wiki; neither works.
This will probably also help.
Code: | threemileisland myca # openssl s_client -connect localhost:636 -showcerts -state -CAfile /certs/openldap/CA-cert.pem
connect: Connection refused
connect:errno=29
|
My /etc/openldap/slapd.conf
Code: | include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
password-hash {md5}
pidfile /var/run/openldap/slapd.pid
TLSCertificateFile /certs/openldap/ser-crt.pem
TLSCertificateKeyFile /certs/openldap/ser-key.pem
TLSCACertificateFile /certs/openldap/CA-cert.pem
loglevel 256
database bdb
suffix "dc=secure,dc=test,dc=org"
rootdn "cn=Manager,dc=secure,dc=test,dc=org"
rootpw edited for content
directory /var/lib/openldap-data
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial |
My /etc/openldap/ldap.conf
Code: | BASE dc=secure, dc=test, dc=org
URI ldaps://127.0.0.1:636/
TLS_REQCERT allow |
My /etc/conf.d/slapd
Code: | OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" |
It does not seem that LDAP is listening on port 636, but why? Maybe something to do with the database?
Thank you for your time.
-BioSLuDge |
slam_head Guru


Joined: 06 Jan 2003 Posts: 449 Location: New York City
Posted: Mon Dec 05, 2005 9:38 pm Post subject: |
Try doing a
Code: | netstat -an|grep 636 |
I would also try looking at /var/log/messages for the server's logs. If none of that works, I would run slapd from the command line:
Code: | /usr/lib/openldap/slapd -d 5 -u ldap -g ldap -h ldap://127.0.0.1 ldaps:// |
Then try to connect and see what you get. |
BioSLuDge Tux's lil' helper


Joined: 12 Jul 2004 Posts: 99 Location: Utah
Posted: Tue Dec 06, 2005 5:51 am Post subject: |
Bloody hell. OK, so I set /var/lib/openldap-data to ldap:ldap,
but I went back and looked, and half of the contents were owned by root.
Fixed that and it all worked.
Sorry and thanks for helping.
-BioSLuDge |
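The thread boils down to two checks: slam_head's "is anything actually listening on 636?" and the eventual root cause, BDB files under /var/lib/openldap-data that slapd (started with -u ldap -g ldap) could not open because root still owned them. The script below is an added example, not code from either poster, that runs both checks in one go. It assumes slapd runs as the user ldap (and that user's primary group), the database directory and port from the thread, and that the path it is given contains no spaces; it reads numeric owner/group with `ls -ldn` so it does not depend on GNU stat.

```shell
#!/bin/sh
# Added troubleshooting helper for the two checks discussed in this thread.
# Not code from the thread. Assumptions (adjust for your install): slapd runs
# as user "ldap", its BDB directory is /var/lib/openldap-data, ldaps is on 636.

LDAP_USER="${LDAP_USER:-ldap}"
DB_DIR="${DB_DIR:-/var/lib/openldap-data}"
LDAPS_PORT="${LDAPS_PORT:-636}"

# listening_on_port PORT
# Exit 0 if a TCP listener on PORT is visible, 1 if none is, 2 if neither
# ss nor netstat exists. Same idea as "netstat -an | grep 636" from the reply,
# but anchored on the local-address column so ":636" cannot match ":6360".
listening_on_port() {
    port=$1
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | awk -v p=":$port" '$4 ~ p"$" { found=1 } END { exit !found }'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -an 2>/dev/null | awk -v p=":$port" '/LISTEN/ && $4 ~ p"$" { found=1 } END { exit !found }'
    else
        return 2
    fi
}

# wrong_owner_files DIR UID GID
# Prints every path under DIR whose numeric owner or group differs from UID:GID.
# "ls -ldn" is POSIX, so this works without GNU stat; paths with spaces are
# not handled (the path is taken as the last field).
wrong_owner_files() {
    dir=$1 want_uid=$2 want_gid=$3
    find "$dir" -exec ls -ldn {} \; |
        awk -v u="$want_uid" -v g="$want_gid" '$3 != u || $4 != g { print $NF }'
}

# count_wrong_owner_files DIR UID GID -> number of mismatched paths
count_wrong_owner_files() {
    wrong_owner_files "$@" | wc -l | tr -d ' '
}

# main [DB_DIR]: run both checks and report, returning 1 on an ownership problem.
main() {
    db_dir=${1:-$DB_DIR}
    if listening_on_port "$LDAPS_PORT"; then
        echo "ok: something is listening on tcp/$LDAPS_PORT"
    else
        echo "warn: no listener on tcp/$LDAPS_PORT (slapd may not have started; try slapd -d 5 as in the reply)"
    fi
    # Primary group of the slapd user; matches the "-u ldap -g ldap" invocation.
    uid=$(id -u "$LDAP_USER") && gid=$(id -g "$LDAP_USER") || {
        echo "error: user $LDAP_USER not found" >&2; return 1; }
    bad=$(wrong_owner_files "$db_dir" "$uid" "$gid")
    if [ -n "$bad" ]; then
        echo "warn: files in $db_dir not owned by $uid:$gid (slapd cannot open its BDB files):"
        printf '%s\n' "$bad"
        return 1
    fi
    echo "ok: everything in $db_dir is owned by $uid:$gid"
}

# Run the checks only when a directory is given, so sourcing the file is harmless.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Run it as `sh ldap-check.sh /var/lib/openldap-data` (as root, since the BDB directory is normally not world-readable). A non-zero exit with a list of paths is the "half the contents were owned by root" situation from the last post; a missing listener with clean ownership points at the TLS certificate or key paths in slapd.conf instead, which `slapd -d 5` would show.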