Hi Abdelkader, I tried the following link
http://rogermoffatt.com/2011/08/24/ubuntu-openldap-with-ssltls/ It worked. But don't you think setting "TLS_REQCERT never" kills the purpose of SSL, as the client FQDN is not checked against in this?

On Thu, Aug 20, 2015 at 10:39 PM, Abdelkader Chelouah <[email protected]> wrote:

> On 20/08/2015 18:23, Aneela Saleem wrote:
>
> 55d5ff01 str2entry: entry -1 has multiple DNs "cn=config" and "cn=module{0},cn=config"
>
> On Thu, Aug 20, 2015 at 8:30 PM, Aneela Saleem <[email protected]> wrote:
>
>> 5/ Imports the new configuration
>>
>> slapadd -F /path/to/slapd.d -n 0 -l config.ldif
>>
>> I get the following error:
>>
>> slapadd: could not add entry dn="cn=config" (line=1):
>> _ 1.03% eta none elapsed none spd 4.2 M/s
>> Closing DB...
>>
>> On Thu, Aug 20, 2015 at 2:11 AM, Abdelkader Chelouah <[email protected]> wrote:
>>
>>> On 19/08/2015 20:32, Aneela Saleem wrote:
>>>
>>> Anyone there? Please help me get out of this problem.
>>>
>>> On Wed, Aug 19, 2015 at 1:29 AM, Aneela Saleem <[email protected]> wrote:
>>>
>>>> This is my /etc/ldap/ldap.conf file:
>>>>
>>>> BASE dc=platalytics,dc=com
>>>> URI ldap://127.0.0.1
>>>> TLS_CACERT /etc/ldap/cacert.pem
>>>>
>>>> On Wed, Aug 19, 2015 at 1:07 AM, Aneela Saleem <[email protected]> wrote:
>>>>
>>>>> Still I get the following error:
>>>>>
>>>>> modifying entry "cn=config"
>>>>> ldap_result: Can't contact LDAP server (-1)
>>>>>
>>>>> On Wed, Aug 19, 2015 at 12:34 AM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>
>>>>>> On 18/08/2015 20:27, Aneela Saleem wrote:
>>>>>>
>>>>>> I get the following result:
>>>>>>
>>>>>> ldap_initialize( ldap://localhost:389/??base )
>>>>>> dn:cn=admin,cn=config
>>>>>> Result: Success (0)
>>>>>>
>>>>>> On Tue, Aug 18, 2015 at 11:24 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>
>>>>>>> On 18/08/2015 20:11, Aneela Saleem wrote:
>>>>>>>
>>>>>>> When I add the file below, i.e. ssl_mod.ldif:
>>>>>>>
>>>>>>> dn: cn=config
>>>>>>> changetype: modify
>>>>>>> add: olcTLSCACertificateFile
>>>>>>> olcTLSCACertificateFile: /etc/ldap/cacert.pem
>>>>>>> -
>>>>>>> add: olcTLSCertificateFile
>>>>>>> olcTLSCertificateFile: /etc/ldap/servercrt.pem
>>>>>>> -
>>>>>>> add: olcTLSCertificateKeyFile
>>>>>>> olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
>>>>>>> -
>>>>>>> add: olcTLSCipherSuite
>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>>>
>>>>>>> using the following command:
>>>>>>>
>>>>>>> ldapmodify -h localhost -p 389 -D "cn=admin,cn=config" -w 123 -f mod_ssl.ldif
>>>>>>>
>>>>>>> I get the error ldap_result: Can't contact LDAP server (-1).
>>>>>>>
>>>>>>> Although LDAP is running. I can run the following command, i.e.
>>>>>>>
>>>>>>> ldapsearch -h localhost -p 389 -D "cn=admin,dc=platalytics,dc=com" -w 123 -b "dc=platalytics,dc=com" "objectclass=*"
>>>>>>>
>>>>>>> How can I make ldaps work?
>>>>>>>
>>>>>>> On Tue, Aug 18, 2015 at 7:37 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>>
>>>>>>>> Where can I find the logs?
>>>>>>>>
>>>>>>>> On Tue, Aug 18, 2015 at 7:36 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> I wrote the above lines in the olcDatabase={0}config.ldif file. When I restart slapd it fails.
>>>>>>>>>
>>>>>>>>> On Tue, Aug 18, 2015 at 7:14 PM, Aneela Saleem <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Which file do I need to write this in?
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 18, 2015 at 7:09 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> On 18/08/2015 16:05, Aneela Saleem wrote:
>>>>>>>>>>>
>>>>>>>>>>> I have no slapd.conf. I have cn=config.
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Aug 18, 2015 at 6:54 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> On 18/08/2015 15:51, Aneela Saleem wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks Michael and Abdelkader.
>>>>>>>>>>>>
>>>>>>>>>>>> Abdelkader, the link you provided is for the slapd.conf distribution. Can you please guide me on how to do the "cn=config" distribution?
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Aug 18, 2015 at 6:45 PM, Abdelkader Chelouah <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> On 18/08/2015 15:41, Michael Ströder wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Aneela Saleem wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Can anyone please provide me some link for enabling "ldaps"?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> http://www.openldap.org/doc/admin24/tls.html
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ciao, Michael.
>>>>>>>>>>>>>
>>>>>>>>>>>>> or http://www.openldap.org/faq/data/cache/185.html
>>>>>>>>>>>>>
>>>>>>>>>>>>> regards
>>>>>>>>>>>>
>>>>>>>>>>>> You can convert a slapd.conf to cn=config using slaptest:
>>>>>>>>>>>>
>>>>>>>>>>>> slaptest -f path/to/slapd.conf -F path/to/slapd.d
>>>>>>>>>>>
>>>>>>>>>>> # cn=config
>>>>>>>>>>> dn: cn=config
>>>>>>>>>>> objectClass: olcGlobal
>>>>>>>>>>> cn: config
>>>>>>>>>>> ...
>>>>>>>>>>> olcTLSCACertificateFile: /path/to/cacert
>>>>>>>>>>> olcTLSCertificateFile: /path/to/cert
>>>>>>>>>>> olcTLSCertificateKeyFile: /path/to/key
>>>>>>>>>>> olcTLSCipherSuite: HIGH:MEDIUM:!SSLv3:!SSLv2
>>>>>>>>>>> ...
>>>>>>>
>>>>>>> Can you run
>>>>>>>
>>>>>>> ldapwhoami -vxD cn=admin,cn=config -w 123 -H ldap://localhost:389
>>>>>>
>>>>>> Ok, retry the "ldapmodify" command using
>>>>>>
>>>>>> ldapmodify -xD cn=admin,cn=config -w 123 -H ldap://localhost:389 -f mod_ssl.ldif
>>>
>>> There is something wrong with your setup.
>>>
>>> 1/ Stop your instance
>>> 2/ Export your configuration
>>>
>>> slapcat -F /path/to/slapd.d -n 0 -l config.ldif
>>>
>>> 3/ Perform the modification directly on config.ldif
>>> 4/ Remove the old configuration
>>>
>>> rm -rf /path/to/slapd.d/*
>>>
>>> 5/ Import the new configuration
>>>
>>> slapadd -F /path/to/slapd.d -n 0 -l config.ldif
>>>
>>> 6/ Start your instance
>
> Did you remove the content of /path/to/slapd.d ?
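The slapadd "multiple DNs" error and the TLS_REQCERT question above, as an added Python example that is not part of the thread: it checks a "slapcat -n 0" export for an entry that carries two DNs (a lost blank line between entries) and for the olcTLS* attributes the thread adds to cn=config, and reports whether an ldap.conf still makes the client verify the server certificate. The LDIF text and file paths are constructed sample data modelled on the thread.

```python
import re
# Constructed sample, not from the thread: a "slapcat -n 0" export in which the
# blank line between the first two entries was lost while editing config.ldif.
BROKEN_CONFIG_LDIF = """\
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCACertificateFile: /etc/ldap/cacert.pem
olcTLSCertificateFile: /etc/ldap/servercrt.pem
olcTLSCertificateKeyFile: /etc/ldap/serverkey.pem
dn: cn=module{0},cn=config
"""
FIXED_CONFIG_LDIF = BROKEN_CONFIG_LDIF.replace("\ndn: cn=module", "\n\ndn: cn=module")
REQUIRED_TLS_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile",
                      "olcTLSCertificateKeyFile")

def parse_ldif(text):
    """Split LDIF on blank lines into entries of (attribute, value) pairs."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in re.sub(r"\n ", "", block).splitlines():  # unfold lines
            m = re.match(r"([^:#][^:]*)::?\s*(.*)", line)
            if m:
                attrs.append((m.group(1).strip(), m.group(2).strip()))
        entries.append(attrs)
    return entries

def ldif_problems(text):
    """Problems that make slapadd -n 0 fail or leave the server without TLS."""
    problems = []
    for i, attrs in enumerate(parse_ldif(text)):
        dns = [v for k, v in attrs if k == "dn"]
        if len(dns) != 1:  # slapadd reports this as "has multiple DNs"
            problems.append(f"entry {i} has {len(dns)} DNs {dns}: missing blank line?")
        if "cn=config" in dns:
            present = {k for k, _ in attrs}
            problems += [f"cn=config lacks {a}" for a in REQUIRED_TLS_ATTRS
                         if a not in present]
    return problems

def client_verifies_server(ldap_conf):
    """True only when ldap.conf makes the client verify the server certificate:
    never/allow skip the CA and hostname checks, try tolerates a missing cert."""
    mode = "demand"  # the OpenLDAP default
    for line in ldap_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].upper() == "TLS_REQCERT":
            mode = parts[1].lower()
    return mode in ("demand", "hard")
```

Run ldif_problems on config.ldif after step 3/ and before step 5/; an empty list means slapadd will at least see well-separated entries with the TLS attributes in place.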
