Hi,

> Vikas, thanks for replying some more, but your last email is a little out
> of context for me personally.

That I can understand; maybe I have moved into more depth.

> I did drop the -b argument (and the associated value) and still the slapd
> daemon crashed. I am starting to wonder if this is an OpenLDAP or LTB
> Project OpenLDAP problem since no one else is chiming in with solutions and
> troubleshooting.

Regrets, but that issue is not a big one. I think we are making a silly mistake somewhere.

> As for the slaptest, it didn't generate *any* content into the slapd.d
> directory at all. I mentioned this to the person I was collaborating with
> since I am attempting to document a process from scratch-to-finish.

slaptest is the utility that creates the slapd.d directory. I am worried about why it is not working there.

> That same person suggested I attempt to use ApacheDirectoryStudio to
> interact with the slapd and configurations. I just attempted to connect to
> the cn=config "Context" and I was able to add an attribute
> (*olcTLSCipherSuite*), but as soon as I attempted to add a value
> (*HIGH:MEDIUM+TLSv1+SSLv3*) the connection dropped in
> ApacheDirectoryStudio.
>
> *Warron French, MBA, SCSA*
>
> From: Vikas Parashar <[email protected]>
> To: Warron S French <[email protected]>,
> Cc: Ulrich Windl <[email protected]>,
> [email protected]
> Date: 01/27/2014 09:24 AM
> Subject: Re: Antw: OpenLDAP slapd problems - ldap_result: Can't
> contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
> ------------------------------
>
> Hi,
>
> Sorry! That was the typo. -b is for the base only. In ldapmodify, you don't
> need to use -b.
>
> You can do the same thing with the slapd.conf file. Later on, you can create a
> slapd.d directory with the help of the slaptest command.
>
> slaptest -f slapd.conf -F slapd.d
>
> In this temporary directory, you will get a configuration ({0}config.ldif)
> file under the slapd.d/cn=config directory. You can replace it and restart the
> service.
>
> Or, in the current ldapmodify, please run it with a deeper debug level. You may
> use the -d option for it.
>
> On Mon, Jan 27, 2014 at 6:46 PM, Warron S French <[email protected]> wrote:
> Low Sensitivity/Aerospace Internal Use Only
>
> Ulrich, I attempted what you suggested as well, but I got back a different
> error. And I don't know if it makes any difference, but I don't have TLS
> configurations in place yet; that is what I am attempting to accomplish.
>
> Anyway, after performing the following command:
>   ldapmodify -ZZ -x -W -D cn=admin,cn=config -v -f /tmp/LDAP-CONFIG-TLS.ldif
>
> I got the following error in response:
>   ldap_initialize( <DEFAULT> )
>   ldap_start_tls: Protocol error (2)
>   Additional info: unsupported extended operation
>
> Thanks for the help,
>
> Warron French, MBA, SCSA
>
> From: "Ulrich Windl" <[email protected]>
> To: "Warron S French" <[email protected]>, <[email protected]>,
> Date: 01/27/2014 02:34 AM
> Subject: Antw: OpenLDAP slapd problems - ldap_result: Can't
> contact LDAP server (-1) --- Low Sensitivity/Aerospace Internal Use Only
> ------------------------------
>
> >>> Warron S French <[email protected]> wrote on 24.01.2014 at 17:28 in
> message <ofe6bbfcb7.3c423e61-on85257c6a.005a0b4c-85257c6a.005a6...@notes.aero.org>:
> > Low Sensitivity/Aerospace Internal Use Only
> >
> > Working on a CentOS-6.5 server, running LTB Project's slapd-2.4.38.
> >
> > Someone suggested I implement a cn=admin,cn=config for a cn=config setup.
> > (I don't know how to technically word that).
> >
> > Anyway, I need to make TLS-related changes and was told to do the
> > following command:
> >
> > ldapmodify -x -D "cn=admin,cn=config" -W -d 256
>
> Try "ldapmodify -ZZ -x -W -D cn=_your_admin_ -v -f _your_ldif_file"
>
> >
> > ...then at the blank line type the following, each on a single line:
> >
> > Dn: cn=config
> > Changetype: modify
> > Add: olcTLSCipherSuite
> > OlcTLSCipherSuite: HIGH:MEDIUM+TLSv1+SSLv3
> > <CTRL-D>
> >
> > I have been getting an error response of:
> > ldap_result: Can't contact LDAP server (-1)
> >
> > This __ONLY__ occurs after I hit <CTRL-D>, not before. Yes, the daemon,
> > slapd, is actually running, but after this failure it abruptly stops. I
> > know this because in a separate terminal on the same system, I am running
> > a while-loop with a ps -e | grep slapd in it.
> >
> > Please note the "-x" option according to the man page for ldapmodify is
> > supposed to Use simple authentication instead of SASL.
> >
> > Thank you all for your help, hopefully you can:
> >
> > 1) tell me what this error means, and
> > 2) how to fix my problem so that I can complete the olcTLSxxxx changes I
> > need to implement.
> >
> > Warron French, MBA, SCSA
> > The Aerospace Corporation
> > Sr. UNIX SA & Storage Admin
> > Mailstop: CH1-230
> > Desk: 571-307-5311
> > Cell: 703-967-8936
> >
> > Low Sensitivity/Aerospace Internal Use Only
