Frank Schafer wrote:
This is 100% correct.
Hi,
I don't (yet) have ldap installed. Is there a configuration file for
ldap in /etc/conf.d, where you (probably) can set up behaviour like whether
or not to use SSL, or the port ldap should be listening on, etc.?
There is the file /etc/conf.d/slapd.
I currently have version 2.1.30-r2 emerged, and the default contents are as follows:
---------------
# conf.d file for the openldap-2.1 series
#
# To enable both the standard unciphered server and the ssl encrypted
# one uncomment this line or set any other server starting options
# you may desire.
#
# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
---------------
Just as it says in the comments, remove the # sign before OPTS=.
You then have ldaps over 636, ldap over 389, and the ldap for local connections.
Depending on what you are using ldap for, I would leave the unsecure port open.
However, then be sure to use the slapd.conf to restrict what actions can be done over the unsecure connection.
Otherwise it is just too easy for people to get access to sensitive information like passwords.
Regards, Scott
Just a thought Frank
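A worked slapd.conf excerpt for the restriction Scott describes (keep 389 open, but do not let sensitive data travel over it), added here as an example; it is not from the thread and not Gentoo's shipped configuration. It assumes OpenLDAP 2.1-era slapd.conf syntax (ACL `by` clauses with an `ssf=` qualifier and the global `security` directive), that the listeners are enabled through OPTS in /etc/conf.d/slapd as shown above, and that the certificate paths are placeholders for wherever the server's TLS material actually lives. One caveat: the ldapi:// socket gets no SSF from this configuration, so under the global directive local-socket clients are refused too unless they are given a `peername`-based exception (later releases add a `localSSF` directive for this).

```conf
# /etc/openldap/slapd.conf (excerpt; added example, not from the thread)
#
# Which listeners exist (ldap:// on 389, ldaps:// on 636, ldapi://) is
# chosen by OPTS in /etc/conf.d/slapd.  What a client may do over each
# of them is decided here.

# TLS material used by ldaps:// and by StartTLS on the plain port.
TLSCertificateFile      /etc/openldap/ssl/slapd.crt     # assumed path
TLSCertificateKeyFile   /etc/openldap/ssl/slapd.key     # assumed path

# Weak setting: the permissive default lets any client read every
# attribute over any listener, so a search on 389 returns userPassword
# (and a simple bind sends the password) across the wire in clear.
#
#   access to * by * read

# Hardened setting.
# ssf=128 matches a connection whose security strength factor is at
# least 128, which is what slapd assigns to a TLS session (ldaps:// or
# StartTLS) negotiated with a 128-bit or stronger cipher.  A bare
# ldap:// connection has ssf=0 and falls through to the final "by *"
# clause.  ACLs are evaluated first-match, so the restrictive clauses
# come before the catch-all.
access to attrs=userPassword
        by self ssf=128 write
        by anonymous ssf=128 auth
        by * none

access to *
        by self ssf=128 write
        by users ssf=128 read
        by anonymous ssf=128 auth
        by * none

# Global backstop: refuse every operation on a connection weaker than
# ssf 128.  The StartTLS extended operation itself is exempt, so a client
# on 389 can still upgrade with "ldapsearch -ZZ ..." and then proceed,
# while a plain "ldapsearch -x" on 389 is answered with
# "confidentiality required" instead of the directory contents.
security ssf=128
```

The ACL layer alone already stops userPassword from leaving over 389, because a connection with ssf=0 only ever matches `by * none`; the `security` line is what additionally refuses the simple bind that would otherwise send the admin password in clear to a server listening on the plain port. Both belong together: the first protects stored secrets, the second protects the credentials clients present.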
On Thu, 2005-03-31 at 00:35 -0500, Travis Osterman wrote:
I'm trying to get openldap working on my network (obviously) and seem to get the correct action from running
# /usr/lib/openldap/slapd -d -1
but not
# /etc/init.d/slapd start
Using the /etc/init.d version I get
# nmap localhost | grep ldap
636/tcp open ldapssl
While the /usr/lib version gets me
# nmap localhost | grep ldap
389/tcp open ldap
I've tried to follow the guides at
http://www.gentoo.org/doc/en/ldap-howto.xml,
http://www.openldap.org/doc/admin21/quickstart.html, and
http://www.metaconsultancy.com/whitepapers/ldap.htm to get this far. Do I have to do something extra to get it to work via ssl on port 636?
I think my simple directory is at least created based on the
information below.
If anyone can point me in the next step (getting connected on 636), I would appreciate it. Thanks in advance.
-- Travis Osterman
--------------------------
Performing this search with the /etc/init.d version gives the following output/logs
--------------------------
# ldapsearch -x objectClass=* -h 127.0.0.1
ldap_bind: Can't contact LDAP server (81)

and a log of (/var/log/messages)
Mar 31 00:25:10 jaga slapd[2763]: daemon: socket() failed errno=97 (Address family not supported by protocol)
Mar 31 00:25:10 jaga slapd[2763]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
Mar 31 00:25:10 jaga slapd[2770]: slapd starting

--------------------------
Performing the same search with the /usr/lib version gives the following output/logs (seems to work fine)
--------------------------
# ldapsearch -x objectClass=* -h 127.0.0.1
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: objectClass=*
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
dc: example
o: example.com
objectClass: top
objectClass: dcObject
objectClass: organization

# people, example.com
dn: ou=people,dc=example,dc=com
ou: people
objectClass: top
objectClass: organizationalUnit

# admin, example.com
dn: cn=admin,dc=example,dc=com
cn: admin
userPassword:: c2VjcmV0
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

and a log of (/var/log/messages)
Mar 31 00:23:47 jaga slapd[2706]: conn=0 fd=9 ACCEPT from IP=127.0.0.1:50227 (IP=0.0.0.0:389)
Mar 31 00:23:47 jaga slapd[2711]: conn=0 op=0 BIND dn="" method=128
Mar 31 00:23:48 jaga slapd[2711]: conn=0 op=0 RESULT tag=97 err=0 text=
Mar 31 00:23:48 jaga slapd[2711]: conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=*)"
Mar 31 00:23:48 jaga slapd[2711]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
Mar 31 00:23:48 jaga slapd[2711]: conn=0 op=2 UNBIND
Mar 31 00:23:48 jaga slapd[2711]: conn=0 fd=9 closed

-- [email protected] mailing list
