Re: Reg OpenLdap on Ubuntu
openldap user is already a part of ssl-cert group.
Regarding AppArmor, I am very much new to this. But I did some research on this and made some changes like:
1. moving the /usr/sbin/slapd profile to complain mode and
2. changing the following lines in /etc/apparmor.d/usr.sbin.slapd from:
After the changes, I did the following:
update-rc.d -f apparmor remove
update-rc.d apparmor defaults
But it yields no positive result.
Is there anything else that I need to do?
Please let me know.
Thank you very much for the reply.
On Mon, Jul 13, 2009 at 8:29 PM, Matt Kassawara <firstname.lastname@example.org>
Make sure slapd can read the certs and private key. In addition to typical ownership and permissions, the openldap user should belong to the ssl-cert group and the slapd AppArmor profile must allow access to the directories containing your certs.
On Mon, Jul 13, 2009 at 5:22 AM, Asimananda Mohanty <email@example.com>
I ran the command "slapd -d 16383" and attached is the output of the same in case it may prove to be useful.
In this output, ldap-company.com.crt is server.crt as defined in my earlier mails. I have changed it to try some luck, but it was fruitless.
On Mon, Jul 13, 2009 at 10:55 AM, Asimananda Mohanty <firstname.lastname@example.org>
I created the certificates following the procedure defined in https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
I created a CA and signed the certificate as defined in the steps.
The ownership is openldap:openldap for cacert.pem and server.crt and openldap:ssl-cert for server.key.
The rwx permission is 644 for all three.
Thanks for the reply.
On Fri, Jul 10, 2009 at 7:47 PM, Matt Kassawara <email@example.com>
How did you create the certificates? Can slapd read them?
On Fri, Jul 10, 2009 at 5:00 AM, Asimananda Mohanty <firstname.lastname@example.org>
I am currently busy configuring OpenLdap on my newly installed Ubuntu 9.04.
Here is what I have done till now.
I followed the steps defined in https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html and installation was successful. I installed PhpLdapAdmin also.
After I created the certificate, key, etc., I created a .ldif file (enable-ca.ldif) with the following content:
Then I executed the command:
ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif
and it was a success.
But after this, when I tried to restart slapd, I got errors like the following:
main: TLS init def ctx failed: -1
I noticed that after I executed "ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif", 3 lines were added to /etc/ldap/slapd.d/cn=config.ldif, and when I commented out the last two lines like the following, slapd started successfully.
This looks quite strange.
Please help me resolve the same.
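The advice given in this thread (slapd must be able to read the CA cert, server cert and private key, and the openldap user should be in the ssl-cert group) as an added Python check that is not part of the thread or of OpenLDAP itself: it pulls the olcTLS* file paths out of a cn=config-style LDIF fragment and evaluates the mode bits for the slapd account rather than for the caller. The file names, uid and group used in demo() are constructed; the AppArmor profile is not checked here and still has to permit the directories.

```python
import os
import re
import stat
import tempfile

# cn=config attributes naming the TLS files slapd opens at startup (from OpenLDAP's schema).
TLS_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile", "olcTLSCertificateKeyFile")

def tls_paths(ldif_text):
    """Map each TLS attribute in an LDIF fragment to the path it names."""
    found = {}
    for line in ldif_text.splitlines():
        m = re.match(r"^(\w+):\s*(\S.*?)\s*$", line)
        if m and m.group(1) in TLS_ATTRS:
            found[m.group(1)] = m.group(2)
    return found

def readable_by(path, uid, gids):
    """Evaluate the mode bits for another account (uid, set of gids); os.access()
    would only answer for the caller, so owner/group/other are checked by hand."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False                  # slapd would fail to open it anyway
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit_tls_files(ldif_text, uid, gids):
    """Return the TLS attributes whose file the slapd account cannot read."""
    return sorted(a for a, p in tls_paths(ldif_text).items() if not readable_by(p, uid, gids))

def demo():
    """Constructed scenario: certs mode 0644, key mode 0640 whose group stands in for
    ssl-cert. Returns (failures with ssl-cert membership, failures without it)."""
    d = tempfile.mkdtemp()
    names = ("cacert.pem", "server.crt", "server.key")
    paths = dict(zip(TLS_ATTRS, (os.path.join(d, n) for n in names)))
    for attr, p in paths.items():
        open(p, "w").close()
        os.chmod(p, 0o640 if attr == "olcTLSCertificateKeyFile" else 0o644)
    ldif = "".join(f"{a}: {p}\n" for a, p in paths.items())
    slapd_uid = os.getuid() + 1                           # not the file owner (constructed)
    ssl_cert_gid = os.stat(paths["olcTLSCertificateKeyFile"]).st_gid
    return (audit_tls_files(ldif, slapd_uid, {ssl_cert_gid}),
            audit_tls_files(ldif, slapd_uid, set()))
```

On a real host, run audit_tls_files() against /etc/ldap/slapd.d/cn=config.ldif with the openldap uid and its group set from the passwd and group databases; an empty list means the remaining suspect is the AppArmor profile.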