5/ Import the new configuration

slapadd -F /path/to/slapd.d -n 0 -l config.ldif

I get the following error:

slapadd: could not add entry dn="cn=config" (line=1):
_ 1.03% eta none elapsed none spd 4.2 M/s
Closing DB...

On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <[email protected]> wrote:

> On 19/08/2015 20:32, Aneela Saleem wrote:
>
> Anyone there? Please help me get out of this problem.
>
> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <[email protected]> wrote:
>
>> This is my /etc/ldap/ldap.conf file:
>>
>> BASE dc=platalytics,dc=com
>>
>> URI ldap://127.0.0.1
>>
>> TLS_CACERT /etc/ldap/cacert.pem
>>
>> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <[email protected]> wrote:
>>
>>> Still I get the following error:
>>>
>>> modifying entry "cn=config"
>>> ldap_result: Can't contact LDAP server (-1)
>>>
>>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <[email protected]> wrote:
>>>
>>>> On 18/08/2015 20:27, Aneela Saleem wrote:
>>>>
>>>> I get the following result:
>>>>
>>>> ldap_initialize( ldap://localhost:389/??base )
>>>> dn:cn=admin,cn=config
>>>> Result: Success (0)
>>>>
>>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>
>>>>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>>>>
>>>>> When I add the file below, i.e., ssl_mod.ldif
>>>>>
>>>>> dn: cn=config
>>>>> changetype: modify
>>>>> add: olcTLSCACertificateFile
>>>>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>>>>> -
>>>>> add: olcTLSCertificateFile
>>>>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>>>>> -
>>>>> add: olcTLSCertificateKeyFile
>>>>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>>>>> -
>>>>> add: olcTLSCipherSuite
>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>
>>>>> using the following command:
>>>>>
>>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>>>>>
>>>>> I get the error ldap_result: Can't contact LDAP server (-1).
>>>>>
>>>>> Although LDAP is running. I can run the following command, i.e.,
>>>>>
>>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>>>>
>>>>> How can I make ldaps work?
>>>>>
>>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
>>>>>
>>>>>> Where can I find the logs?
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>
>>>>>>> I wrote the above lines in the olcDatabase={0}config.ldif file. When I
>>>>>>> restart slapd it fails.
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>>
>>>>>>>> Which file do I need to write this in?
>>>>>>>>
>>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>>>>
>>>>>>>>> I have no slapd.conf. I have cn=conf
>>>>>>>>>
>>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>>>>
>>>>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>>>>
>>>>>>>>>> Abdelkader, the link you provided is for the slapd.conf distribution.
>>>>>>>>>> Can you please guide me how to do the "cn=config" distribution?
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"
>>>>>>>>>>>>>
>>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>>>>
>>>>>>>>>>>> Ciao, Michael.
>>>>>>>>>>>>
>>>>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>>
>>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest
>>>>>>>>>>
>>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>>>>>
>>>>>>>>> # cn=config
>>>>>>>>> dn: cn=config
>>>>>>>>> objectClass: olcGlobal
>>>>>>>>> cn: config
>>>>>>>>> ...
>>>>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>>>>> ...
>>>>>>>>>
>>>>> Can you run
>>>>>
>>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>>>>>
>>>> Ok, retry the "ldapmodify" command using
>>>>
>>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
>>>>
> There is something wrong with your setup.
>
> 1/ Stop your instance
> 2/ Export your configuration
>
> slapcat -F /path/to/slapd.d -n 0 -l config.ldif
>
> 3/ Perform the modification directly on config.ldif
> 4/ Remove the old configuration
>
> rm -rf /path/to/slapd.d/*
>
> 5/ Import the new configuration
>
> slapadd -F /path/to/slapd.d -n 0 -l config.ldif
>
> 6/ Start your instance
>
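
A pre-flight check for the edited config.ldif in the procedure quoted above, added here as an example and not posted by anyone in the thread: before the slapadd step it lists the files named by the olcTLS*File attributes and reports any that are missing, unreadable, or (for the private key) accessible to other users. The function names tls_paths and check_tls_files are made up for this example; run it as the account slapd runs under so the readability test means something.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print "attribute path" for each olcTLS*File value in the LDIF file $1.
# Folded LDIF lines (continuations start with one space) are joined first.
tls_paths() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf != "") print buf; buf = $0 }
        END  { if (buf != "") print buf }
    ' "$1" | sed -n 's/^\(olcTLS[A-Za-z]*File\): \(.*\)$/\1 \2/p'
}

# Print one line per problem; the return status is the number of problems,
# so 0 means every referenced file is in place.
check_tls_files() {
    problems=0
    paths=$(tls_paths "$1")
    [ -n "$paths" ] || { echo "$1: no olcTLS*File attributes"; return 1; }
    while read -r attr path; do
        if [ ! -f "$path" ]; then
            echo "$attr: $path does not exist"
        elif [ ! -r "$path" ]; then
            echo "$attr: $path is not readable by $(id -un)"
        elif [ "$attr" = olcTLSCertificateKeyFile ] &&
             [ "$(ls -ld "$path" | cut -c8-10)" != "---" ]; then
            # Characters 8-10 of the ls mode string are the "other" bits.
            echo "$attr: $path is accessible to other users"
        else
            continue
        fi
        problems=$((problems + 1))
    done <<EOF
$paths
EOF
    return "$problems"
}

# Usage: sh check_tls.sh config.ldif
[ $# -eq 0 ] || check_tls_files "$1"
```

The same functions work on a modify LDIF such as the ssl_mod.ldif quoted above, because the "add:" lines do not match the attribute pattern.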
