[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldapd vs. slapd

I meant in terms of the LDIF file:

objectClass: top
objectClass: account
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson

The above doesn't work. It says that top/account isn't a valid chain.


-----Original Message-----
From: Kline, Sara [mailto:SKline@tnsi.com] 
Sent: Tuesday, April 17, 2012 8:45 AM
To: Richards, Toby
Subject: RE: ldapd vs. slapd

1. This is the order mine are in, you can ignore solaris and DUA as those
are for the solaris boxes, also you can ignore policy that is for the
password policy overlay.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/DUAConfigProfile.schema
include         /etc/openldap/schema/solaris.schema

2. What do you have in your slapd.conf?
TLSCertificateFile /etc/pki/tls/certs/slapd-cert.pem TLSCertificateKeyFile
/etc/pki/tls/certs/slapd-key.pem TLSCACertificateFile
/etc/pki/tls/certs/slapd-cert.pem TLSVerifyClient never

security        update_ssf=1 update_ssf=112 simple_bind=64

Sara Kline

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Richards, Toby
Sent: Tuesday, April 17, 2012 8:25 AM
To: Brandon Hume; openldap-technical@openldap.org
Subject: RE: ldapd vs. slapd

OK got it. I realized that ldapd is a different product after some more
research this morning. I've got slapd running & responding; however:

1. I cannot figure out the correct order of objectClass statements to reach
inetOrgPerson. I do have the core, cosine, nis, and inetorgperson schemas
included in slapd.conf.

2. slapd won't run on port 636 even though I put "TLS_CACERT
/path/to/cert.crt" and "URI ldaps://toby.org.org" into ldap.conf


-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brandon Hume
Sent: Tuesday, April 17, 2012 7:58 AM
To: openldap-technical@openldap.org
Subject: Re: ldapd vs. slapd

  On 04/16/12 11:02 PM, Richards, Toby wrote:
> For those of you wondering, I'm running OpenBSD 5.0.
openldap-server-2.4.25p0.tgz (depends on: openldap-client-2.4.25.tgz
(depends on cyrus-sasl-2.1.23p7-ldap.tgz)). Typing "ldapd" gets the
appropriate tcp/ip ports responding. Typing "/etc/rc.d/slapd start" does
something, but doesn't give me responses on 349 or 636.

"ldapd" is a service that comes with OpenBSD, and it definitely is not
OpenLDAP.  It will start and sit on the same ports, however, making it
impossible for you to start slapd.

So don't start ldapd.  Kill it if it's already running, then you might be
able to start OpenLDAP.

Also, this might have been a typo, but the non-SSL port for LDAP is 389/tcp,
not 349.

This e-mail message is for the sole use of the intended recipient(s)and may
contain confidential and privileged information of Transaction Network
Any unauthorised review, use, disclosure or distribution is prohibited. If
you are not the intended recipient, please contact the sender by reply
e-mail and destroy all copies of the original message.

Attachment: smime.p7s
Description: S/MIME cryptographic signature