
Thread: LDAP server setting/connectin help

  1. #1
    ahmedmakki NNTP User

    Default LDAP server setting/connectin help

    Hi There,
    Please, I need your help with LDAP server settings. I'm using SUSE 10 to set up the server to run over SSL, and I'm trying to talk to this server from a Java application running on a different machine. I have a self-signed certificate generated and stored on my SUSE machine (I followed this tutorial).

    The problems I have are related to running and connecting to LDAP over SSL, internally and externally. At the moment, the error message shows: can't contact LDAP server (-1).

    here are my 3 conf files /etc/openldap/slapd.conf, /etc/openldap/ldap.conf and /etc/ldap.conf

    1) /etc/openldap/slapd.conf

    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    # NOTE(review): this file supplies the TLS material and ACLs, but the
    # listeners themselves come from slapd's -h option. When chasing
    # "can't contact LDAP server (-1)", confirm slapd was started with an
    # ldaps:/// listener and that port 636 is reachable from the client.
    #
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/dyngroup.schema
    include /etc/openldap/schema/nis.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/misc.schema
    include /etc/openldap/schema/openldap.schema
    # Define global ACLs to disable default read access.
    # NOTE(review): the ACLs further down still end with "access to * by * read",
    # so read access is in fact granted to everyone.

    pidfile /var/run/slapd/slapd.pid
    argsfile /var/run/slapd/slapd.args

    # Load dynamic backend modules:
    modulepath /usr/lib/openldap/modules

    # Minimum security strength factors (SSF) the server requires:
    #   ssf=1          for any operation
    #   update_ssf=112 for directory updates
    #   simple_bind=64 for simple (DN + password) binds
    # NOTE(review): a session with no protection at all has SSF 0, so these
    # settings presumably reject unprotected ldap:// sessions - verify which
    # transport the Java client actually uses.
    security ssf=1 update_ssf=112 simple_bind=64

    # Root DSE: readable by everyone.
    access to dn.base=""
    by * read

    # Subschema entry: readable by everyone.
    access to dn.base="cn=Subschema"
    by * read

    # Credentials: the owner may change them; everyone else may only use them
    # to authenticate (auth), never read them.
    access to attrs=userPassword,userPKCS12
    by self write
    by * auth

    # shadowLastChange: writable by the owner, readable by everyone.
    access to attrs=shadowLastChange
    by self write
    by * read

    # Catch-all: every other entry and attribute is readable by anyone,
    # anonymous binds included.
    # NOTE(review): if the directory should not be browsable anonymously,
    # restrict this (for example "by users read") - confirm what clients need.
    access to *
    by * read

    #TLSCACertificatePath /etc/ssl/certs

    # OpenSSL cipher string offered by the server.
    # NOTE(review): it admits MEDIUM-strength ciphers and names the SSLv2/SSLv3
    # cipher groups; in OpenSSL syntax a leading "+" only reorders ciphers that
    # are already selected. It does not set a minimum protocol version - where
    # the installed OpenLDAP supports it, TLSProtocolMin is the directive for
    # that (TODO confirm availability on this release).
    TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3

    # CA certificate, server certificate and server private key.
    # NOTE(review): the key is kept under /home. It has to be readable by the
    # account slapd runs as and by no one else - check ownership and mode; an
    # unreadable key or certificate is a common reason TLS never comes up.
    TLSCACertificateFile /home/newx509/ca.cert
    TLSCertificateFile /home/newx509/ldap.cert
    TLSCertificateKeyFile /home/newx509/ldap.key

    # 257 = 256 (stats: connections/operations/results) + 1 (trace function calls).
    loglevel 257
    #######################################################################
    # BDB database definitions
    #######################################################################
    # Berkeley DB backend; the poster left out the rest of this section.
    database bdb
    <data base details>


    2) /etc/openldap/ldap.conf

    # Defaults for the OpenLDAP client library and tools (ldapsearch etc.).
    base dc=sample,dc=com
    # NOTE(review): this address differs from the one in /etc/ldap.conf
    # (127.127.111.33 here, 135.127.111.33 there) - possibly a typo or partial
    # redaction; confirm both point at the intended server.
    uri ldaps://127.127.111.33

    # CA certificate used to validate the server's certificate.
    TLS_CACERT /home/newx509/ca.cert
    # Require a valid server certificate; the session is dropped otherwise.
    # NOTE(review): with "demand" the name in the URI also has to match the
    # certificate's subject. Connecting by IP address against a certificate
    # issued for a host name is a frequent cause of handshake failure - verify
    # what the self-signed certificate actually contains.
    TLS_REQCERT demand

    3) /etc/ldap.conf
    #
    # Client-side LDAP settings for PAM/NSS lookups (pam_* and nss_* options below).
    # ldaps:// on port 636 means TLS from the first byte of the connection.
    uri ldaps://135.127.111.33
    port 636

    base dc=sample,dc=com

    ldap_version 3

    # Don't try forever if the LDAP server is not reachable
    bind_policy soft

    # DN used for privileged binds.
    # NOTE(review): its password is normally kept in a separate secret file
    # readable by root only - confirm that file's ownership and mode.
    rootbinddn cn=admin,dc=sample,dc=com

    pam_lookup_policy yes

    # NOTE(review): "crypt" hashes the new password locally with crypt(3);
    # consider whether the server-side password modify operation (exop) is a
    # better fit - confirm against the installed pam_ldap.
    pam_password crypt

    # NOTE(review): two contradictory "ssl" lines, and neither matches the
    # ldaps:// URI above. "start_tls" upgrades a plain ldap:// session, whereas
    # ldaps:// expects "ssl on". Which line wins depends on the parser - keep
    # exactly one setting that agrees with the URI.
    ssl no
    ssl start_tls

    pam_filter objectclass=posixAccount
    # NOTE(review): these search bases use dc=ooba,dc=com while "base" above is
    # dc=sample,dc=com, and the group map points at ou=people - looks like an
    # incomplete edit or redaction; confirm against the real directory tree.
    nss_base_passwd ou=people,dc=ooba,dc=com
    nss_base_shadow ou=people,dc=ooba,dc=com
    nss_base_group ou=people,dc=ooba,dc=com
    # NOTE(review): "no" turns off verification of the server certificate,
    # which contradicts "tls_reqcert demand" below and, if it takes effect,
    # leaves the client unable to detect an impostor server. Set it to "yes"
    # once the CA certificate is confirmed to be correct.
    tls_checkpeer no

    # CA certificate used to validate the server, and the requirement that the
    # server present a valid certificate.
    tls_cacert /home/newx509/ca.cert
    tls_reqcert demand

    *******************************************************
    any idea why i can't talk to the server? any idea please?

    Thanks
    Ahmed

  2. #2

    Default Re: LDAP server setting/connectin help

    Are you using opensuse 10 or suse linux enterprise server (sles) 10?
    In sles:
    If you go to yast>network services>ldap server and then select configure>global it will allow you to set up a server certificate and take out any uncertainties in the certificate creation.
    I think opensuse 10.x should be pretty much the same.

  3. #3

    Default Re: LDAP server setting/connectin help

    @ahmedmakki: You might want to learn to use the ldapsearch program to interact with the LDAP server (slapd) from the command line to check things instead of tedious debugging with your Java program.
