Re: OpenLDAP, OpenSSL, and Fedora 10 Stop Liking One Another ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oscar Plameras wrote:
1. System1 - I had 3 test servers running OpenLDAP-2.3.30-3.fc6,
OpenSSL-0.9.8b-15.fc6 on Linux-2.6.22.14-72.fc6.
And these were perfectly running with OPENSSL configured on
'slapd.conf' as follows:

lines cut
#
#
TLSCACertificateFile /etc/CA/cacert.pem
TLSCertificateFile    /etc/pki/tls/newcert.pem
TLSCertificateKeyFile /etc/pki/tls/newkey.pem
#
#
lines cut

When I do,

#service ldap restart, and #ps -ax  I have this

slapd -h ldap:/// ldaps:/// -u ldap

I can do simple unsecured or secured queries from here.

1. System2 - Now, I upgraded 2 test servers running
OpenLDAP-2.4.12-1.fc10, OpenSSL-0.9.8g-12.fc10 on
Linux-2.6.29-159.fc10.
Suddenly I can't start slapd correctly. The problem is after
configuring 'slapd.conf' with OPENSSL, as I did in System1 and I
do a

#service ldap restart,  and #ps -ax

I found that I only have this process running:
slapd -h ldap:/// -u ldap. The ldaps:/// process did not start
suggesting I have incorrect certificates.
But I can confirm that my certificates are correct with several tests.

I had expected this process:
slapd -h ldap:/// ldaps:/// -u ldap.

So, when I do TLS secured query like:

#ldapwhoami -x -H ldaps://hostname

I got this:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Has anyone had this problem on FC10 ?

Notes:
1. I can run this manually: #/usr/sbin/slapd -h ldap:/// ldaps:/// -u
ldap and saw slapd -h ldap:/// ldaps:/// -u ldap in my #ps -ax
I can do #ldapwhoami -x. But when I do a #ldapwhoami -x -H
ldaps://hostname I go error message can't connect to server.
2. I can run this manually: #/usr/sbin/slapd -h ldaps:/// -u ldap
I can then test my certificates correctly but SSL does not appear to
have been started.

OpenLDAP 2.4 uses SASL by default.  Install cyrus-sasl-md5 and its
requirements unless you always use simple binds.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-            "You think that's tough?  Try herding cats!"            -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux