2/ Export your configuration
slapcat -F /path/to/slapd.d -n 0 -l config.ldif
I get the following error:
55d4f273 ldif_read_file: checksum error on
"/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <[email protected]>
wrote:
> On 19/08/2015 20:32, Aneela Saleem wrote:
>
> Anyone there? Please help me get out of this problem.
>
> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <[email protected]>
> wrote:
>
>> this is my /etc/ldap/ldap.conf file:
>>
>> BASE dc=platalytics,dc=com
>>
>> URI ldap://127.0.0.1
>>
>> TLS_CACERT /etc/ldap/cacert.pem
>>
>>
>> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <[email protected]> wrote:
>>
>>> Still I get the following error:
>>>
>>> modifying entry "cn=config"
>>> ldap_result: Can't contact LDAP server (-1)
>>>
>>>
>>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <
>>> [email protected]> wrote:
>>>
>>>> On 18/08/2015 20:27, Aneela Saleem wrote:
>>>>
>>>> I get the following result:
>>>>
>>>> ldap_initialize( ldap://localhost:389/??base )
>>>> dn:cn=admin,cn=config
>>>> Result: Success (0)
>>>>
>>>>
>>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>
>>>>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>>>>
>>>>> When I add the below file, i.e., ssl_mod.ldif
>>>>>
>>>>> dn: cn=config
>>>>> changetype: modify
>>>>> add: olcTLSCACertificateFile
>>>>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>>>>> -
>>>>> add: olcTLSCertificateFile
>>>>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>>>>> -
>>>>> add: olcTLSCertificateKeyFile
>>>>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>>>>> -
>>>>> add: olcTLSCipherSuite
>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>
>>>>> using following command:
>>>>>
>>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f
>>>>> mod_ssl.ldif
>>>>>
>>>>> I get ldap_result: Can't contact LDAP server (-1) error.
>>>>>
>>>>> Although LDAP is running. I can run following command i.e.,
>>>>>
>>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w
>>>>> 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>>>>
>>>>> How can I make ldaps work?
>>>>>
>>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
>>>>>
>>>>>> Where can I find the logs?
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>
>>>>>>> I wrote the above lines in olcDatabase={0}config.ldif file. When I
>>>>>>> restart slapd it fails.
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>>
>>>>>>>> Which file do I need to write this in?
>>>>>>>>
>>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>>>>
>>>>>>>>> I have no slapd.conf. I have cn=conf
>>>>>>>>>
>>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>>>>
>>>>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>>>>
>>>>>>>>>> Abdelkader, the link you provided is for the slapd.conf distribution.
>>>>>>>>>> Can you please guide me on how to do the "cn=config" distribution?
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>>>>>
>>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>>>>
>>>>>>>>>>>> Ciao, Michael.
>>>>>>>>>>>>
>>>>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>>>>>
>>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> # cn=config
>>>>>>>>> dn: cn=config
>>>>>>>>> objectClass: olcGlobal
>>>>>>>>> cn: config
>>>>>>>>> ...
>>>>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>>>>> ...
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> Can you run
>>>>>
>>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>>>>>
>>>>>
>>>>>
>>>> Ok, retry the "ldapmodify" command using
>>>>
>>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f
>>>> mod_ssl.ldif
>>>>
>>>>
>>>>
>>>>
>>>
>>
> There is something wrong with your setup.
>
> 1/ Stop your instance
> 2/ Export your configuration
>
> slapcat -F /path/to/slapd.d -n 0 -l config.ldif
>
> 3/ Perform the modification directly on config.ldif
> 4/ Remove the old configuration
>
> rm -rf /path/to/slapd.d/*
>
> 5/ Import the new configuration
>
> slapadd -F /path/to/slapd.d -n 0 -l config.ldif
>
> 6/ Start your instance
>
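
The checksum error at the top of this message refers to the `# CRC32` header that slapd writes into each file under slapd.d, which stops matching once a file is edited by hand. As an added example (not part of the thread), this Python sketch recomputes that checksum and lists files that no longer match; it assumes the usual layout of two comment lines followed by the entry, with the CRC taken over everything after the second line, and the sample entry and function names are constructed.

```python
import os
import re
import sys
import zlib

CRC_LINE = re.compile(rb"# CRC32 ([0-9a-fA-F]{8})\s*$")

def check_slapd_ldif(data):
    """Return (stored, computed, ok) for the raw bytes of one slapd.d file."""
    parts = data.split(b"\n", 2)          # header line, CRC line, entry body
    m = CRC_LINE.match(parts[1]) if len(parts) == 3 else None
    if m is None:
        return (None, None, False)        # header missing or malformed
    stored = int(m.group(1), 16)
    computed = zlib.crc32(parts[2]) & 0xFFFFFFFF
    return (stored, computed, stored == computed)

def scan(config_dir):
    """List the .ldif files under config_dir whose checksum does not match."""
    bad = []
    for root, _dirs, files in os.walk(config_dir):
        for name in sorted(files):
            if name.endswith(".ldif"):
                path = os.path.join(root, name)
                with open(path, "rb") as fh:
                    if not check_slapd_ldif(fh.read())[2]:
                        bad.append(path)
    return bad

# Constructed sample: an entry body, and the header computed for it.
BODY = (b"dn: olcDatabase={0}config\n"
        b"objectClass: olcDatabaseConfig\n"
        b"olcDatabase: {0}config\n")
HEADER = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n# CRC32 %08x\n"
INTACT = HEADER % zlib.crc32(BODY) + BODY
# The same file after a line is typed in by hand; the header is now stale.
EDITED = INTACT + b"olcTLSCACertificateFile: /etc/ldap/cacert.pem\n"

if __name__ == "__main__":
    for label, blob in (("intact", INTACT), ("edited", EDITED)):
        print(label, check_slapd_ldif(blob))
    for path in scan(sys.argv[1]) if len(sys.argv) > 1 else []:
        print("checksum mismatch:", path)
```

A mismatch only shows that a file was changed outside slapd; the slapcat and slapadd export/import quoted above writes the files again with fresh headers.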