I meant in terms of the LDIF file: objectClass: top objectClass: account objectClass: person objectClass: posixAccount objectClass: shadowAccount objectClass: organizationalPerson objectClass: inetOrgPerson The above doesn't work. It says that top/account isn't a valid chain. -Toby -----Original Message----- From: Kline, Sara [mailto:SKline@tnsi.com] Sent: Tuesday, April 17, 2012 8:45 AM To: Richards, Toby Subject: RE: ldapd vs. slapd 1. This is the order mine are in, you can ignore solaris and DUA as those are for the solaris boxes, also you can ignore policy that is for the password policy overlay. include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/ppolicy.schema include /etc/openldap/schema/DUAConfigProfile.schema include /etc/openldap/schema/solaris.schema 2. What do you have in your slapd.conf? TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/pki/tls/certs/slapd-cert.pem TLSCertificateKeyFile /etc/pki/tls/certs/slapd-key.pem TLSCACertificateFile /etc/pki/tls/certs/slapd-cert.pem TLSVerifyClient never security update_ssf=1 update_ssf=112 simple_bind=64 Thanks, Sara Kline -----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Richards, Toby Sent: Tuesday, April 17, 2012 8:25 AM To: Brandon Hume; email@example.com Subject: RE: ldapd vs. slapd OK got it. I realized that ldapd is a different product after some more research this morning. I've got slapd running & responding; however: 1. I cannot figure out the correct order of objectClass statements to reach inetOrgPerson. I do have the core, cosine, nis, and inetorgperson schemas included in slapd.conf. 2. slapd won't run on port 636 even though I put "TLS_CACERT /path/to/cert.crt" and "URI ldaps://toby.org.org" into ldap.conf -Toby -----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brandon Hume Sent: Tuesday, April 17, 2012 7:58 AM To: firstname.lastname@example.org Subject: Re: ldapd vs. slapd On 04/16/12 11:02 PM, Richards, Toby wrote: > For those of you wondering, I'm running OpenBSD 5.0. openldap-server-2.4.25p0.tgz (depends on: openldap-client-2.4.25.tgz (depends on cyrus-sasl-2.1.23p7-ldap.tgz)). Typing "ldapd" gets the appropriate tcp/ip ports responding. Typing "/etc/rc.d/slapd start" does something, but doesn't give me responses on 349 or 636. "ldapd" is a service that comes with OpenBSD, and it definitely is not OpenLDAP. It will start and sit on the same ports, however, making it impossible for you to start slapd. So don't start ldapd. Kill it if it's already running, then you might be able to start OpenLDAP. Also, this might have been a typo, but the non-SSL port for LDAP is 389/tcp, not 349. This e-mail message is for the sole use of the intended recipient(s)and may contain confidential and privileged information of Transaction Network Services. Any unauthorised review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
Description: S/MIME cryptographic signature