| View previous topic :: View next topic |
| Author |
Message |
ninjabadger
Apprentice
Joined: 23 Apr 2003
Posts: 270
Location: Scotland
|
 Posted: Thu Sep 07, 2006 10:46 am Post subject: Bind Error When Testing Slapd |
 |
|
I have emerged openldap and configured it according to the Quick Start Guide.
I know this is a very deep program but I am having problems even getting the simplest examples to run. Is there any documentation available which describes in more detail what may have gone wrong. I am expecting a stupid learning curve with OpenLDAP but not getting the "Hello World" going is a bit much,
| Code: |
localhost openldap-data # ldapsearch -D "cn=Manager,dc=test,dc=com" -W Enter LDAP Password:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
localhost openldap-data #
|
| Code: | localhost openldap-data # ldapadd -x -D "cn=Manager,dc=test,dc=com" -W -f /root/test.ldiff
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
|
The password is not encrypted
slapd.conf is
| Code: | #
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Define SSL and TLS properties (optional)
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=test,dc=COM"
rootdn "cn=Manager,dc=test,dc=COM"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq |
and openldap/ldap.conf is
| Code: | #
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
BASE dc=test, dc=com
URI ldap://auth.test.com:636/
TLS_REQCERT allow
|
_________________
Is Microsoft Stronger?
No, no, no. Quicker, easier, more seductive. |
|
| Back to top |
|
 |
Leander256
l33t
Joined: 05 Jul 2003
Posts: 910
Location: Singapour
|
| Posted: Fri Sep 08, 2006 8:00 am Post subject: Re: Bind Error When Testing Slapd |
|
|
In your /etc/openldap/ldap.conf you specify the 636 port, which is for secure ldap, or ldaps. Does your slapd daemon listen on port 636 ? I think that by default it must be using only the port 389. This is determined by the command line options in /etc/conf.d/slapd. For now I suggest to try to use only port 389, and deal with SSL connection and certificates when it works. Also, it could be useful to add the option "-d 1" to your ldapsearch command, it could prove very useful for debugging 
(I'm sorry for that short and unaccurate answer but I'm not an OpenLDAP specialist and don't want to write great lengths of text which might be wrong) |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
