
Re: ldaps access with RedHat 7.3 installation



Is the ldap server actually listening to ldaps?
run netstat --inet -anp | grep slapd
and see if slapd is listening on port 636.
If it's not, then you need to make sure slapd is started with the -h
"ldap:/// ldaps:///" argument.

Also note that there are RPMs available for openldap 2.1.22 for RH 7.3
up on http://www.open-it.org/ (well, they haven't updated the news yet,
but on their FTP site ftp://ftp.open-it.org/pub/redhat7.3/ there are
SRPMs and RPMs for openldap 2.1.22). I suggest using the SRPM, especially
if you have cyrus-sasl 2.1.x installed and want SASL support, as
their RPM binaries for 7.3 do not include SASL support.

On Mon, 2003-08-25 at 12:44, Robert Fitzpatrick wrote:
> I am posting this a second time, hope you haven't seen it twice, I
> noticed the previous post was in reply to a message somewhat old and
> hasn't arrived since sending it several hours ago.....
> 
> > Some users have been helped with this doc:
> > http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html.  Give it a
> > try.
> > I have only configured OpenLDAP 2.1.x for TLS.  If 2.0.x is
> > problematic in that area, I hope someone will chime in and encourage
> > you to upgrade to it.
> > 
> 
> Yes, this is a great document. I understand the concept much better now.
> My RedHat 7.3 server already had an OpenLDAP package 2.0.27 installed.
> Not sure if it had been built with the --tls option and not being able
> to get it to work, I built 2.1.22 per the document.
> 
> The server runs fine and all favorable responses through step 6.1. In
> step 4.3, I created the Client Certificate and moved into a directory
> that I could access the files from the workstation. Then on the
> workstation, I moved the files into a certs directory beneath the home
> directory. I proceeded to create the ldap.conf and .ldaprc files as
> shown in the document.
> 
> After I had started the LDAP server in step 6.0, I added the
> organization and manager items without the TLS option locally. So, no
> need to do step 6.1. At step 6.2 I tried a search:
> 
> ldapsearch -b 'dc=webtent,dc=org' -D "cn=Manager,dc=webtent,dc=org"
> '(objectclass=*)' -W -H ldaps://localhost -x
> 
> From the workstation using this command, I get:
> 
> Enter LDAP Password:
> ldap_bind: Can't contact LDAP server
> 
> What do you think I'm doing wrong? I do have a firewall, but not between
> the workstation and server. And pinging webtent.org from the workstation
> returns the inside IP from local DNS.
-- 
Edward Rudd <eddie@omegaware.com>
Home Page <http://urkle.drip.ws/>
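The check Edward describes (look at netstat output for a slapd socket on port 636, and if none is there, start slapd with -h "ldap:/// ldaps:///") can be scripted so it is repeatable. The following is an added example, not code from either poster or from the OpenLDAP project; the netstat lines it parses are constructed sample output in the `netstat --inet -anp` column layout (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State, PID/Program name), and the function names are my own.

```shell
#!/bin/sh
# Added example: decide from netstat-style output whether slapd is bound to
# the ldaps port (636), and print the slapd restart hint from the thread if
# it is not. Only the LISTEN lines owned by slapd are considered.

LDAPS_PORT=636

# is_ldaps_listening: reads "netstat --inet -anp" lines on stdin and exits 0
# when some line is a LISTEN socket on $LDAPS_PORT whose program is slapd.
is_ldaps_listening() {
    awk -v port="$LDAPS_PORT" '
        # $4 is "addr:port"; take the text after the last colon as the port
        $6 == "LISTEN" && $7 ~ /slapd/ {
            n = split($4, a, ":")
            if (a[n] == port) found = 1
        }
        END { if (found) exit 0; exit 1 }
    '
}

# diagnose: prints a verdict for the given netstat output; returns 0 when
# ldaps is being served, 1 otherwise.
diagnose() {
    if printf '%s\n' "$1" | is_ldaps_listening; then
        echo "ok: slapd is listening on ldaps port $LDAPS_PORT"
        return 0
    fi
    echo "slapd is not listening on port $LDAPS_PORT; start it with: slapd -h \"ldap:/// ldaps:///\""
    return 1
}

# Constructed sample outputs (not real captures): one server that only
# serves plain ldap, and one that serves both ldap and ldaps.
SAMPLE_LDAP_ONLY="tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1234/slapd"
SAMPLE_BOTH="tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      1234/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      1234/slapd"

# Run against the samples; on a live RH 7.3 box you would instead pipe
# "netstat --inet -anp | grep slapd" into is_ldaps_listening.
diagnose "$SAMPLE_LDAP_ONLY"
diagnose "$SAMPLE_BOTH"
```

The port is taken from the last colon-separated field of the local address so the same parse works for 0.0.0.0:636 and for a host-specific bind; matching on the program column avoids a false positive from some other daemon on 636. A listener on 636 only proves the socket is open; if ldapsearch still reports "Can't contact LDAP server", the next thing to check is the client's TLS_CACERT setting in ldap.conf or .ldaprc, since a certificate the client cannot verify fails the same way from the client's point of view.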