Steven Jones wrote:
8><-----
> see also the configuration directory ldap url - ldapurl in
> /etc/dirsrv/admin-serv/adm.conf
>
8><-----
> Ok, I fixed the latter by editing the adm.conf to point at
> 636....however I now have a SSL error...
> ============
> [root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w
> XXXXXXX -b o=netscaperoot "(&(nsServerID=slapd-vuwunicooimm001))"
> ldap_bind: Can't contact LDAP server (-1)
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Why is /usr/bin/ldapsearch attempting to use SSL by default?
What's in your /etc/openldap/ldap.conf or ~/.ldaprc?
Ok, fixed
ldaps changed to ldap
> ============
>
> Ive tried using this syntax but with no joy...
>
> ldapmodify -x -D "cn=directory manager" -w password
> dn: dn of your server instance entry
> changetype: modify
> replace: nsServerSecurity
> nsServerSecurity: on
>
> so my command is,
>
> ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
> dn:vuwunicooimm001.vuw.ac.nz changetype: modify replace:
> nsServerSecurity nsServerSecurity on
? this is all on one command line?
Yes...
I guess it's not clear from the example, but ldapmodify by default wants to
read the LDIF input from stdin - so after you type in
OK.......
$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX
it will wait for you to type in the rest on stdin, followed by a blank line
(i.e. hit Enter twice) followed by Ctrl-C or Ctrl-D to "get out" of ldapmodify
===================
[root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin"
ldap_bind: Server is unwilling to perform (53)
additional info: Unauthenticated binds are not allowed
[root@vuwunicooimm001 admin-serv]# ldapsearch -x -D "cn=ldapadmin" -w XXXXXX
ldap_bind: No such object (32)
[root@vuwunicooimm001 admin-serv]#
===================
um?
you could also dump those commands in a file and run
$ ldapmodify -x -D "cn=lpdapadmin" -w password XXXXXXX -f /path/to/file.ldif
===================
[root@vuwunicooimm001 admin-serv]# ldapmodify -x -D "cn=lpdapadmin" -w cvbrty542 -f file.ldif
ldap_bind: No such object (32)
[root@vuwunicooimm001 admin-serv]#
===================
8><----------
Is the directory server listening for TLS/SSL requests on port 636?
That is, have you configured the directory server for TLS/SSL and have you
confirmed that it is listening?
8><-----
Before you do anything else, confirm that the directory server is indeed
listening for TLS/SSL requests on port 636.
=============
[root@vuwunicooimm001 admin-serv]# netstat -a -n |grep :636
tcp 0 0 127.0.0.1:49186 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:49185 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35428 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35429 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35430 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35424 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35425 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35426 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35427 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35412 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35413 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35414 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35415 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35408 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35409 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35410 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35411 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35420 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35421 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35422 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35423 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35416 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35417 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35418 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35419 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35404 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35405 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35406 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35407 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35403 127.0.0.1:636 TIME_WAIT
tcp 0 0 :::636 :::* LISTEN
[root@vuwunicooimm001 admin-serv]#
============
regards
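The `netstat -a -n | grep :636` check in the thread matches every socket whose
local or foreign address mentions port 636, so the output is dominated by
TIME_WAIT client connections and the one line that actually answers the
question (the `:::636 ... LISTEN` entry) is buried at the end. The following
script is an added example, not part of the thread or of the 389/Fedora
Directory Server tooling: it parses `netstat -an` style lines (the sample
input below is constructed to mirror the shape of the output above) and
reports only sockets in the LISTEN state on a given port, so a missing TLS
listener cannot be masked by stale client connections.

```python
import re
from typing import Dict, List, NamedTuple


class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: str  # "*" for listening sockets
    state: str        # empty for UDP lines, which carry no state column


# Constructed sample in the shape of `netstat -a -n` output: many TIME_WAIT
# client sockets whose *foreign* port is 636, plus two genuine listeners.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:49186 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35428 127.0.0.1:636 TIME_WAIT
tcp 0 0 127.0.0.1:35429 127.0.0.1:636 TIME_WAIT
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 :::636 :::* LISTEN
udp 0 0 0.0.0.0:123 0.0.0.0:*
"""

# proto, recv-q, send-q, local endpoint, foreign endpoint, optional state
_LINE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(\S*)$")


def _split_endpoint(endpoint: str):
    # Split on the *last* colon so IPv6 forms such as ":::636" and "[::]:636"
    # keep their address intact; the port is everything after that colon.
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def parse_netstat(text: str) -> List[Socket]:
    """Parse netstat -an output into Socket records, skipping header lines."""
    sockets = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # headers, blank lines, unix-domain sockets
        proto, local, remote, state = m.groups()
        laddr, lport = _split_endpoint(local)
        raddr, rport = _split_endpoint(remote)
        sockets.append(Socket(proto, laddr, int(lport), raddr, rport, state))
    return sockets


def listening_ports(text: str) -> Dict[int, List[str]]:
    """Map each local port in LISTEN state to the addresses it is bound on."""
    listeners: Dict[int, List[str]] = {}
    for s in parse_netstat(text):
        if s.state == "LISTEN":
            listeners.setdefault(s.local_port, []).append(s.local_addr)
    return listeners


def is_listening(text: str, port: int) -> bool:
    """True only if some socket is in LISTEN state with *local* port == port."""
    return port in listening_ports(text)


def noise_lines_for_port(text: str, port: int) -> int:
    """Count sockets a plain `grep :PORT` would show that are NOT listeners.

    These are the TIME_WAIT/ESTABLISHED entries that mention the port only as
    a foreign address; they say nothing about whether the server is up.
    """
    return sum(
        1 for s in parse_netstat(text)
        if s.state != "LISTEN" and (s.local_port == port or s.remote_port == str(port))
    )


if __name__ == "__main__":
    for port in (389, 636):
        where = listening_ports(SAMPLE_NETSTAT).get(port)
        print(f"port {port}: {'LISTEN on ' + ', '.join(where) if where else 'NOT listening'}"
              f" ({noise_lines_for_port(SAMPLE_NETSTAT, port)} non-listener lines mention it)")
```

Run it against live output with `netstat -an | python3 check_listener.py`
style plumbing by replacing `SAMPLE_NETSTAT` with `sys.stdin.read()`; on
systems where `netstat` is gone, `ss -tan` produces the same endpoint/state
columns in a slightly different order, so the regex would need adjusting for
that tool.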