On 18/08/2015 20:11, Aneela Saleem wrote:
When I add the below file, i.e., ssl_mod.ldif

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2

using the following command:

ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif

I get an ldap_result: Can't contact LDAP server (-1) error.

Although LDAP is running. I can run the following command, i.e.,

ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"

How can I make ldaps work?

On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem wrote:

    Where can I find the logs?

    On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem wrote:

        I wrote the above lines in the olcDatabase={0}config.ldif file.
        When I restart slapd, it fails.


        On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem wrote:

            Which file do I need to write this in?

            On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah wrote:

                On 18/08/2015 16:05, Aneela Saleem wrote:
                I have no slapd.conf. I have cn=conf

                On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah wrote:

                    On 18/08/2015 15:51, Aneela Saleem wrote:
                    Thanks Michael and Abdelkader.

                    Abdelkader, the link you provided is for the
                    slapd.conf distribution. Can you please guide me
                    on how to do the "cn=config" distribution?

                    On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader
                    Chelouah wrote:

                        On 18/08/2015 15:41, Michael Ströder wrote:

                            Aneela Saleem wrote:

                                Can anyone please provide me some
                                link for enabling "ldaps"

                            http://www.openldap.org/doc/admin24/tls.html

                            Ciao, Michael.

                        or
                        http://www.openldap.org/faq/data/cache/185.html

                        regards


                    You can convert a slapd.conf to cn=config using
                    slaptest

                    slaptest -f path/to/slapd.conf -F path/to/slapd.d


                # cn=config
                dn: cn=config
                objectClass: olcGlobal
                cn: config
                ...
                olcTLSCACertificateFile: /path/to/cacert
                olcTLSCertificateFile: /path/to/cert
                olcTLSCertificateKeyFile: /path/to/key
                olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
                ...





Can you run

ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389

