Thank you very much for your response, Dave.

As per the second link, I was able to create a working copy of the LDAP server that did not crash on me complaining about encryption.

So I can recreate a working environment. I am not seeking to be able to mindlessly copy someone's config files and start the service as 'my own'.

Can someone suggest a PDF book (which I am willing to buy, even if it's expensive, eastern European paying money for digital property, I know, right?) or some other non-DRM book?

Something that will give me good insight on LDAP.

Thank you in advance.

Dmitri Seletski

On 20/08/2019 13:32, Dave Macias wrote:
There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html

I would say try them all, get a feel for it and install/configure it for your needs.
OpenLDAP is great software with many really cool schemas to expand usage
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun!

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <[email protected]> wrote:

    Please ignore last message.

    Apparently I have 2 hands, but both are left hands. (A freshly cloned
    OS with no existing preinstall seemed to work fine and works even
    after 'systemctl stop slapd ; systemctl start slapd'.)

    Can anyone suggest a good book for administration of OpenLDAP on
    Linux/CentOS? Ideally for kids 5 and up, with many pictures and
    suitable for a 'late bloomer'.

    Thanks!

    Dmitri

    -------- Forwarded Message --------
    Subject:    any working documentation?
    Date:       Mon, 19 Aug 2019 20:26:28 +0100
    From:       Dmitri Seletski <[email protected]>
    To:         [email protected]



    Hello.


    I am new to the list, so if you gonna beat me with your feet -
    please don't hit me in the face.

    I did not find help/user list. So post here.

    Where can I find working documentation for OpenLDAP?

    Most current I found:

    https://www.openldap.org/doc/admin24/quickstart.html

    It says nothing of TLS encryption. I fail to start the service.

    See output below:



    TLSMC: MozNSS compatibility interception begins.
    tlsmc_intercept_initialization: INFO: entry options follow:
    tlsmc_intercept_initialization: INFO: cacertdir =
    `/etc/openldap/certs'
    tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
    tlsmc_intercept_initialization: INFO: keyfile =
    `/etc/openldap/certs/password'
    tlsmc_convert: INFO: trying to open NSS DB with CACertDir =
    `/etc/openldap/certs'.
    tlsmc_open_nssdb: INFO: trying to initialize moznss using security
    dir `/etc/openldap` prefix `certs`.
    tlsmc_open_nssdb: WARN: could not initialize MozNSS context -
    error -8015.
    tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM
    configuration is present.
    tlsmc_intercept_initialization: INFO: altered options follow:
    tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
    tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
    tlsmc_intercept_initialization: INFO: keyfile =
    `/etc/openldap/certs/password'
    tlsmc_intercept_initialization: INFO: successfully intercepted TLS
    initialization. Continuing with OpenSSL only.
    TLSMC: MozNSS compatibility interception ends.
    TLS: could not use certificate `OpenLDAP Server'.
    TLS: error:02001002:system library:fopen:No such file or directory
    bss_file.c:402
    TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
    TLS: error:140AD002:SSL
    routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
    5d5af51b main: TLS init def ctx failed: -1
    5d5af51b slapd destroy: freeing system resources.
    5d5af51b slapd stopped.
    5d5af51b connections_destroy: nothing to destroy.



    Where can I submit errata to the documentation maintainer? (As the quick
    start clearly doesn't work in my default install of OpenLDAP on
    CentOS 7.)

    And how can I start SLAPD without encryption?

    I can generate self signed private/public key and make ln -s of my
    CA cert folder to 'cacertdir = `/etc/openldap'', but this seems
    SOOO unnecessary. At least on 'try out' step.

    Thanks in advance

    Dmitri
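
An added example, not part of the original thread: a short Python check that reads slapd debug output like the log quoted above and reports which TLS option OpenSSL cannot open as a file. The sample log is constructed from the quoted lines, the function names are illustrative, and treating a non-absolute value as "not a file path" is an assumption of this sketch.

```python
import os
import re

# Constructed sample: debug lines quoted in the thread, mail wrapping kept.
SAMPLE_LOG = """\
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir =
`/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile =
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile =
`/etc/openldap/certs/password'
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory
"""

OPTION_RE = re.compile(r"INFO: (cacertdir|certfile|keyfile) = `([^']*)'")


def unwrap(text):
    """Rejoin lines the mail client wrapped before a back-quoted value."""
    return re.sub(r"\n\s*(?=`)", " ", text)


def final_tls_options(log_text):
    """Return the options slapd ended up with; later (altered) values win."""
    return dict(OPTION_RE.findall(unwrap(log_text)))


def diagnose(log_text, exists=os.path.exists):
    """List why OpenSSL cannot open the configured certificate or key."""
    findings = []
    opts = final_tls_options(log_text)
    for name in ("certfile", "keyfile"):
        value = opts.get(name)
        if value is None:
            continue
        if not os.path.isabs(value):  # assumption: a bare name is not a path
            findings.append((name, value, "not a file path"))
        elif not exists(value):
            findings.append((name, value, "file does not exist"))
    return findings
```

Calling `diagnose(SAMPLE_LOG)` on the quoted output flags `certfile = 'OpenLDAP Server'`, which matches the `fopen: No such file or directory` error in the log.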
