There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html

I would say try them all, get a feel for it and install/configure it for your needs. OpenLDAP is great software with many really cool schemas to expand usage:
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun!

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <[email protected]> wrote:

> Please ignore last message.
>
> Apparently I have 2 hands, but both are left hands. (Freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd'.)
>
> Can anyone suggest a good book for administration of OpenLDAP on Linux/CentOS? Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.
>
> Thanks!
>
> Dmitri
>
> -------- Forwarded Message --------
> Subject: any working documentation?
> Date: Mon, 19 Aug 2019 20:26:28 +0100
> From: Dmitri Seletski <[email protected]> <[email protected]>
> To: [email protected]
>
> Hello.
>
> I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.
>
> I did not find help/user list. So post here.
>
> Where can I find working documentation for OpenLDAP?
>
> Most current I found:
>
> https://www.openldap.org/doc/admin24/quickstart.html
>
> It says nothing of TLS encryption. I fail to start service.
>
> See output below:
>
> TLSMC: MozNSS compatibility interception begins.
> tlsmc_intercept_initialization: INFO: entry options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
> tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> tlsmc_intercept_initialization: INFO: altered options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> TLS: could not use certificate `OpenLDAP Server'.
> TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
> 5d5af51b main: TLS init def ctx failed: -1
> 5d5af51b slapd destroy: freeing system resources.
> 5d5af51b slapd stopped.
> 5d5af51b connections_destroy: nothing to destroy.
>
> Where can I submit errata to documentation maintainer? (As quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7.)
>
> And how can I start SLAPD without encryption?
>
> I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.
>
> Thanks in advance
>
> Dmitri
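
In the startup log quoted above, slapd continues with OpenSSL only while certfile is still `OpenLDAP Server', and OpenSSL then fails to open that value as a file. The following is an added example, not part of the original thread: it parses the "altered options" block of such a log and reports which TLS settings do not exist on disk. The function names `sample_log`, `tlsmc_altered_opts` and `check_tls_paths` are hypothetical, and relative values are assumed to resolve against the current directory.

```shell
# Added example (names are illustrative, not part of OpenLDAP): check the TLS options slapd logs at startup.

# Sample input: log lines from the post above, mail line-wrapping undone.
sample_log() {
    cat <<'EOF'
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLS: could not use certificate `OpenLDAP Server'.
EOF
}

# Print "name<TAB>value" for each option in the "altered options" block (what OpenSSL is given).
tlsmc_altered_opts() {
    awk '
        /altered options follow/ { in_block = 1; next }
        in_block && /INFO: (cacertdir|certfile|keyfile) = `/ {
            name = $0; sub(/^.*INFO: /, "", name); sub(/ = .*$/, "", name)
            val = $0;  sub(/^[^`]*`/, "", val)       # text after the opening quote
            sub(/[ \t\r]*$/, "", val); sub(/\047$/, "", val)  # drop closing quote
            printf "%s\t%s\n", name, val
            next
        }
        in_block { in_block = 0 }   # any other line ends the block
    '
}

# Read a slapd log on stdin; list options whose target is missing. Returns 1 if any is missing.
check_tls_paths() {
    tab=$(printf '\t')
    missing=$(tlsmc_altered_opts | while IFS="$tab" read -r name val; do
        case $name in
            (cacertdir) [ -d "$val" ] || echo "MISSING $name: $val" ;;
            (*)         [ -f "$val" ] || echo "MISSING $name: $val" ;;
        esac
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

sample_log | check_tls_paths || true   # on the sample, certfile is not a file
```

To run it against a real startup attempt, pipe slapd's debug output or its journal into `check_tls_paths` on the host where slapd runs.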