I'm tried to config TLS with Openldap follow this site [URL]. when attempted to sign the cert request by my CA. I have a fault:
root@ldap:/usr/local/openssl/bin# ./CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
[code]....
Code:
$ su -c 'yum install wine'
this forum won't let me put all the text in Transaction Check Error: package openldap-2.4.21-6.fc13.x86_64 (which is newer than openldap-2.4.21-4.fc13.i686) is already installed package nss-softokn-freebl-3.12.4-19.fc13.x86_64 (which is newer than nss-softokn-freebl-3.12.4-17.fc13.i686) is already installed
I configured my openldap but now I want to implement SSL-TLS
This is my basic slapd.conf configuration
Code:
And I created this script (simple I know) to create this TLS/SSL Config but it won't work users cannot login
path when I am moving certs /etc/openldap/cacerts
Code:
As you see I create the key and certificate, assign permissions, add stuff to slapd.conf and finally copy thecer to a client PC
On client side I use authconfig-tui
My enviroment is Centos 5.5
what is wrong on my config?
Every time I try to setup TLS in openldap using the yast applet. The database blows up and dies. I cannot restart the ldap service unless I create a new database. Basically I get LDAP up and working perfectly. Then I use yast to go and enable TLS and SSL support. I put in the paths of the certs. Then hit okay and that is when it blows up. I cannot restart the service. I follow the directions exactly in the link below.
OpenLDAP Faq-O-Matic: How do I use TLS/SSL?
Where is says "using certificates".
Here is what it says in the /var/log/messages
Code:
Jul 6 16:45:31 leia slapd[23996]: @(#) $OpenLDAP: slapd 2.4.17 (Oct 24 2009 04:51:18) $#012#011abuild@build32:/usr/src/packages/BUILD/openldap-2.4.17/servers/slapd
Jul 6 16:45:31 leia slapd[23996]: config error processing cn=schema,cn=config:
Jul 6 16:45:31 leia slapd[23996]: slapd stopped.
Jul 6 16:45:31 leia slapd[23996]: connections_destroy: nothing to destroy.
Jul 6 16:45:31 leia startproc: startproc: exit status of parent of /usr/lib/openldap/slapd: 1
How can I enable TLS/SSL on openldap in opensuse 11.2 without the database dying?
I was trying to find documentation on how to add an a new object into openldap, however I can not seam to find a good walk through.
Just so everyone knows what I'm trying to do, I need to add a new object called bannerid, this bannerid is a unique id that will help me find student accounts in my openldap directly much quicker.
Openldap 2.4.11 uses cn=config as the main configuration instead of slapd.conf .
How to add a new schema to openldap 2.4.11 that uses cn=config.
I was thinking of merging my openldap and samba bdc servers. Is it ok for a server to authenticate against itself? (ie ldap.conf points to localhost)
View 1 Replies View RelatedI have a RHEL 5.4 server installed in a server farm. The server is administered under a central AD, which means that administrators are registered in the AD.
However, I have to deploy an application on the linux server, that will use it's own OpenLDAP server. This means that this application will be the client to the LDAP server installed on the same RHEL server.
I tried installing OpenLDAP using yum and it resulted in a very fatal issue. Somehow the configuration files used for finding the Linux server from the AD was overwritten and the Linux server was not reachable anymore.
After some investigations, and possibly, rebuild, the server has been handed over to me.
The problem is how should I install OpenLDAP so that the existing connection to AD is not lost.
On the Linux server I see a /etc/openldap directory but only contains ldap.conf and cacerts directory.
I am having some trouble with Cyrus SASL and OpenLDAP. I tried to configure OpenLDAP using SASL for all conection but I cannot map the SASL-DN to OpenLDAP's DN. Below is my configuration file, slapd.conf
[code]...
After I finished the configuration, I try to use ldapsearch tool to verify, but I cannot:
[code]...
We are in the process of integrating openldap into our application and existing AD used is MSAD. We would like to access the users created in openldap in our application(Java code) and then autheticate them against the details in AD(openldap). We are using Spring LDAP connection for fetching openldap connections. We have the following code with MSAD:
Code:
userAttributes.get("distinguishedName").toString()
this works because MSAD user objectclass has an attribute 'distinguishedName' to get the user DN. There is no such provision in openldap or is there anyother way to retrieve the DN in openldap ?
I have OpenLDAP and Dovecot installed based on the following documents. DovecotLDAP OpenLDAPServer (using RTC) When Dovecot is set up to log in with out using LDAP connections work fine. However as soon as I change the dovecot.conf to use ldap I get the following error when trying to log in:
[Code]....
I want to configure Netgroup in openldap. I am using Redhat Linux 5.5.
View 1 Replies View RelatedI currently have an OpenLDAP server where everytime I add a new user their DN looks like this:
DN: cn=username,ou=people,dc=domainname,dc=com
Is their anyway I can change there dn to be in the following format?
username@domainname.com
I'm having much problems trying to configure openldap on Ubuntu 10.0.4 LTS
I have tried many tutorials, many configuration but still without results, I made the following script (for not repeating the same work, again & again)
Code:
#!/bin/sh
passwd=xxxxxx
dc1=host
dc2=com
[Code]....
I'm trying to get SASL working with OpenLDAP + TLS. I got it working without TLS with these settings:
[code]...
What i'm doing wrong?
I was trying to run openldap in /usr/local/libexec on ./slapd command.
As usual, it doesn't respond anything which is normal (side qns: can anyone tell me why ./slapd doesn't even return me a status message?)
Then I went on to check ps -ef | grep slapd, but found that the ./slapd was not in process at all (means its not running). If it ran successfully, it should be in my process.
I want to build a domain like abc.com in my LAN environment. Kindly tell me step by step procedure of installing OpenLDAP on CentOS 5.3.
View 2 Replies View RelatedI configured OpenLdap and now I want to configure it using TLS-SSL
But I cannot get it working with the Linux clients. Environment: Centos 5.5
Openldap Server configuration:
I am planning to deploy an OpenLDAP server in my LAN for basic authentication, but I have no idea how to do it. I would like to know how to configure an OpenLDAP Server, and I would also like to know about knowledge resources, if any.
View 3 Replies View RelatedAfter installing F11, I installed OpenLdap with the command "yum -y install openldap*" And added the password obtained through the command "slappasswd -s password -h {MD5}" into /etc/openldap/slapd.conf. Also, I specified the domain information within the file on "suffix" and "rootdn". I also modified the domain name in both /etc/openldap/ldap.conf and /etc/ldap.conf. I copied the Copied the /usr/share/doc/openldap-servers-2.4.15/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG. Then started the server with the command /etc/rc.d/init.d/ldap start I then was able to create and delete OU's and CN's with the help of ldapadd and ldapdelete. I also created PERSON records using the base.ldif file with the content ;
dn: cn=user1, ou=domain, dc=example, dc=com
objectClass: person
cn: user1
sn: user1
Everything is OK until I try to add a person with an email address in the "mail" attribute. The error message is ;
***************************
adding new entry "cn=user1, ou=domain, dc=example, dc=com
ldap_add: Object class violation (65)
additional info: attribute 'mail' not allowed
***************************
This error message is appearing also with "uid" attribute. I have searched some forums and found some suggestions to include the line
"include /etc/openldap/schema/inetorgperson.scheme" in the file /etcopenldap/slapd.conf, which is already in.
I have been using OpenLDAP 2.4 with OpenSuse 11 without any issues but I now want to configure replication and can't see how it's done . The OpenLDAP 2.4 admin guide refers to the slapd.conf configuration file but this is not used by YaST.
View 4 Replies View RelatedI want to create a new LDAP database.
Part of the new configuration is
Code:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
[Code].....
I have this group "cn=admins,ou=groups,dc=home,dc=com" And I've configured slapd in the new way so I'm not using slapd.conf (I think). First I thought about just modifying the files at /etc/ldap/cn=config/....... but that didn't work. How do I make that group into an admin-group with all the rights ?
View 3 Replies View RelatedThere are several parts of problems in my question.
1. Install openLDAP and authenticate clients
2. Simple way to authenticate Ubuntu clients (just like Windows simple domain model, but Linux)
Part 1 What I have done: I have been working on openLDAP for the past 4 weeks. There is a lot of information on LDAP and I have read a lot of it There are several guides out there for openLDAP installation on Ubuntu, and I have tried many of them, and reinstalled the server between tests.
[Code]...
Part 2 Simple way to authenticate Ubuntu clients (just like Windows simple domain model, but Linux)
I have tried to find something similar to Windows client login, but haven't found anything that works. I just need to be pointed to somewhere to read about the authentication model in Linux. I can work out my from there. It must be something very simple I am missing, because when I read som echapters in The Ubunutu Bible, I can't find anything on it.
I've just setup OpenLDAP on Ubuntu Server 10.04.2 following this guide:
[URL]
It's mostly working well, but I do have one issue. I thought that after configuring TLS that it would be best to disable access via other means to keep connections to the LDAP server more secure, before doing so I wanted to check that I could actually connect to OpenLDAP on the localhost using the following command:
ldapmodify -Y EXTERNAL -H ldaps:///
But got the following output:
TLS: can't connect: (unknown error code).
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: (unknown error code)
This looks like some simple misconfiguration on my part, but I can't see where it's wrong, nor could I find any answers by googling.
I should point out that I'm able to connect to the LDAP server from a different host on the network using ldaps:/// (via Apache Directory Studio), so I'm quite surprised that I can connect from another system, but not via the loopback.
At this stage this is really a learning exercise for me, I just want to get to grips with LDAP and I find that when starting out the best thing to do is play with the actual configs to get to know my way around, but this has me stumped.
I imagine this is either a very simple config issue or I'm trying to do something that isn't necessary. I'd really like to understand what I'm doing wrong or alternatively why trying to do this is unnecessary/irrelevant.
[Edit] In summary my main goal is to only allow secured access to the LDAP server, not transmit data in plaintext across the network.
I'm using openldap(slapd) to store user account..But how can i ensure that each UserID can be only login on one machine at any one time?
I'm using ubuntu for both client and server..
I am systems administator of the university CS lab. I have a Mac here and I'm trying to extend the directory to our OpenLDAP server. We use NFS as well. I know nothing of Macs in this respect except for the fact that they already have LDAP on them, which seems to be convenient.
View 3 Replies View RelatedI have just installed openldap on my Red Hat server and it is running:
[code]...
However when I try to add my first ldif file base.ldif, no matter how many time I enter in the correct password I get invalid credentials [root@server init.d]# ldapadd -D "cn=Manager,dc=mathcs.duq,dc=edu" -W -f /home/oberlanderm/base.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) I have to be forgetting someting simple,
[code]....
configuring single signon using ldap
View 1 Replies View RelatedIs it possible to monitor WiFi connections and identify who are connected through OpenLDAP? If so, how will authentication be possible? By the way, I'm open if OpenLDAP is inappropriate for such authentication purposes and scenario.
View 2 Replies View Related