Hi,
Sorry! That was a typo. -b is for the base only. In ldapmodify, you don't
need to use -b.
You can do the same thing with the slapd.conf file. Later on, you can create a
slapd.d directory with the help of the slaptest command.
slaptest -f slapd.conf -F slapd.d
In this temporary directory, you will get a configuration ({0}config.ldif)
file under the slapd.d/cn=config directory. You can replace it and restart the
service.
Or, with the current ldapmodify, please run it with a deeper debug level. You may
use the -d option for it.
On Mon, Jan 27, 2014 at 6:46 PM, Warron S French
<[email protected]> wrote:
> Low Sensitivity/Aerospace Internal Use Only
>
> Ulrich, I attempted what you suggested as well, but I got back a different
> error. And I don't know if it makes any difference, but I don't have TLS
> configurations in place yet; that is what I am attempting to accomplish.
>
>
> Anyway, after performing the following command:
> *ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif*
>
> I got the following error in response:
> *ldap_initialize( <DEFAULT> )*
> *ldap_start_tls: Protocol error (2)*
> * Additional info: unsupported extended operation*
>
>
>
> Thanks for the help,
>
> *Warron French, MBA, SCSA*
>
>
>
> From: "Ulrich Windl" <[email protected]>
> To: "Warron S French" <[email protected]>, <
> [email protected]>,
> Date: 01/27/2014 02:34 AM
> Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't
> contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
> ------------------------------
>
>
>
> >>> Warron S French <[email protected]> wrote on 24.01.2014 at 17:28 in
> message <ofe6bbfcb7.3c423e61-on85257c6a.005a0b4c-85257c6a.005a6...@notes.aero.org>:
> > Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
> >
> > Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
> > (I don't know how to technically word that).
> >
> >
> > Anyway, I need to make TLS-related changes and was told to do the
> > following command:
> >
> > ldapmodify -x -D "cn=admin,cn=config" -W -d 256
>
> Try "ldapmodify -ZZ -x -W -D cn=_your_admin_ -v -f _your_ldif_file"
>
> >
> > ...then at the blank line type the following, each on a single line:
> >
> > Dn: cn=config
> > Changetype: modify
> > Add: olcTLSCipherSuite
> > OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> > <CTRL-D>
> >
> >
> > I have been getting an error response of:
> > ldap_result: Can't contact LDAP server (-1)
> >
> > This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> > slapd, is actually running, but after this failure it abruptly stops. I
> > know this because in a separate terminal on the same system, I am running
> > a while-loop with a ps -e | grep slapd in it.
> >
> >
> > Please note the "-x" option according to the man page for ldapmodify is
> > supposed to Use simple authentication instead of SASL.
> >
> >
> > Thank you all for your help, hopefully you can:
> >
> > 1) tell me what this error means, and
> > 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> > need to implement.
> >
> >
> >
> >
> >
> > Warron French, MBA, SCSA
> > The Aerospace Corporation
> > Sr. UNIX SA & Storage Admin
> > Mailstop: CH1-230
> > Desk: 571-307-5311
> > Cell: 703-967-8936
>
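
The "unsupported extended operation" reply to -ZZ quoted above can be checked for before running ldapmodify: a server lists the extended operations it supports in the supportedExtension attribute of its root DSE, and StartTLS is OID 1.3.6.1.4.1.1466.20037. The script below is an added example, not part of the original messages; the function names, the ldap://localhost URL and the sample root DSE output are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a root DSE advertise the StartTLS extended operation?
STARTTLS_OID="1.3.6.1.4.1.1466.20037"   # StartTLS request OID (RFC 4511)

# Join LDIF continuation lines (a leading space continues the previous line).
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Read root DSE LDIF on stdin; return 0 only if supportedExtension holds
# exactly the StartTLS OID (attribute names compare case-insensitively).
advertises_starttls() {
    unfold_ldif | awk -v oid="$STARTTLS_OID" '
        { sub(/\r$/, "")
          n = index($0, ":"); if (n == 0) next
          attr = tolower(substr($0, 1, n - 1))
          val = substr($0, n + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (attr == "supportedextension" && val == oid) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample: a root DSE that does not list StartTLS.
sample_without_starttls() {
    cat <<'EOF'
dn:
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
EOF
}

# Constructed sample: the same root DSE with StartTLS listed.
sample_with_starttls() {
    sample_without_starttls
    echo "supportedExtension: $STARTTLS_OID"
}

# Against a live server (ldap://localhost is a placeholder):
#   ldapsearch -x -LLL -H ldap://localhost -s base -b "" supportedExtension \
#       | advertises_starttls && echo "StartTLS advertised"
for s in sample_without_starttls sample_with_starttls; do
    if "$s" | advertises_starttls; then
        echo "$s: StartTLS advertised, ldapmodify -ZZ can be used"
    else
        echo "$s: StartTLS not advertised, expect -ZZ to fail"
    fi
done
```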