LDAP server setting/connection help

Hi There,
Please, I need your help with LDAP server settings. I'm using SUSE 10 to set up the server to run it on SSL, and I'm trying to talk to this server from a Java application running on a different machine. I got a self-signed certificate generated and stored on my SUSE machine (followed this tutorial).

The problems I have relate to running and connecting LDAP SSL internally and externally. At the moment, the error message shows: can't contact LDAP server (-1)…

Here are my 3 conf files: /etc/openldap/slapd.conf, /etc/openldap/ldap.conf and /etc/ldap.conf

  1. /etc/openldap/slapd.conf

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openldap.schema

# Define global ACLs to disable default read access.

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:

modulepath /usr/lib/openldap/modules

security ssf=1 update_ssf=112 simple_bind=64

access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attrs=userPassword,userPKCS12
by self write
by * auth

access to attrs=shadowLastChange
by self write
by * read

access to *
by * read

#TLSCACertificatePath /etc/ssl/certs

TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2:+SSLv3

TLSCACertificateFile /home/newx509/ca.cert
TLSCertificateFile /home/newx509/ldap.cert
TLSCertificateKeyFile /home/newx509/ldap.key

loglevel 257
#######################################################################

# BDB database definitions

#######################################################################
database bdb
<data base details>

  2. /etc/openldap/ldap.conf

base dc=sample,dc=com
uri ldaps://127.127.111.33

TLS_CACERT /home/newx509/ca.cert
TLS_REQCERT demand

  3. /etc/ldap.conf

uri ldaps://135.127.111.33
port 636

base dc=sample,dc=com

ldap_version 3

# Don't try forever if the LDAP server is not reachable

bind_policy soft

rootbinddn cn=admin,dc=sample,dc=com

pam_lookup_policy yes

pam_password crypt

ssl no
ssl start_tls

pam_filter objectclass=posixAccount
nss_base_passwd ou=people,dc=ooba,dc=com
nss_base_shadow ou=people,dc=ooba,dc=com
nss_base_group ou=people,dc=ooba,dc=com
tls_checkpeer no

tls_cacert /home/newx509/ca.cert
tls_reqcert demand


Any idea why I can't talk to the server? Any ideas, please?

Thanks
Ahmed

Are you using openSUSE 10 or SUSE Linux Enterprise Server (SLES) 10?
In SLES:
If you go to YaST > Network Services > LDAP Server and then select Configure > Global, it will allow you to set up a server certificate and take out any uncertainties in the certificate creation.
I think openSUSE 10.x should be pretty much the same.

@ahmedmakki: You might want to learn to use the ldapsearch program to interact with the LDAP server (slapd) from the command line to check things instead of tedious debugging with your Java program.
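Following the ldapsearch suggestion above, here is an added shell script (not posted by anyone in the thread) that checks an LDAPS endpoint one layer at a time, so the generic "can't contact LDAP server (-1)" gets a more specific cause; the URI and CA file path in the usage line are taken from Ahmed's /etc/ldap.conf and are assumptions about his setup.

```shell
#!/bin/sh
# Added example: diagnose an LDAPS endpoint in the order a failure surfaces:
# 1) TCP reachability, 2) TLS chain verification, 3) an LDAP search via libldap.
# Assumed inputs: the ldaps:// URI and the CA file from the posted /etc/ldap.conf.

# Host part of an ldap:// or ldaps:// URI (hostnames/IPv4 only; no [IPv6] literals).
ldaps_host() {
    printf '%s\n' "$1" | sed -e 's#^ldaps*://##' -e 's#[:/].*$##'
}

# Port part of the URI, defaulting to 636 for ldaps:// and 389 for ldap://.
ldaps_port() {
    hp=$(printf '%s\n' "$1" | sed -e 's#^ldaps*://##' -e 's#/.*$##')
    case "$hp" in
        *:*) printf '%s\n' "${hp##*:}" ;;
        *)   case "$1" in ldaps://*) echo 636 ;; *) echo 389 ;; esac ;;
    esac
}

ldaps_check() {
    uri=$1; cafile=$2
    host=$(ldaps_host "$uri"); port=$(ldaps_port "$uri")
    # openssl s_client covers steps 1 and 2: a refused connect means nothing
    # listens on the port; "Verify return code: 0" means the chain is trusted.
    out=$(openssl s_client -connect "$host:$port" -CAfile "$cafile" </dev/null 2>&1)
    case "$out" in
        *"Connection refused"*|*"connect:errno"*)
            echo "TCP: nothing listens on $host:$port (slapd not started with -h ldaps:///, or firewalled)"
            return 1 ;;
        *"Verify return code: 0 (ok)"*)
            echo "TLS: handshake ok, server certificate chains to $cafile" ;;
        *)
            echo "TLS: handshake or chain verification failed:"
            printf '%s\n' "$out" | grep -iE 'verify|error' | head -n 5
            return 2 ;;
    esac
    # Step 3: libldap also matches the host/IP against the certificate when
    # TLS_REQCERT is "demand", so this can fail even though openssl passed.
    LDAPTLS_CACERT=$cafile ldapsearch -H "$uri" -x -b "" -s base namingContexts
}

# Usage: sh ldaps_check.sh ldaps://135.127.111.33 /home/newx509/ca.cert
if [ "$#" -ge 2 ]; then ldaps_check "$1" "$2"; fi
```

If step 3 is the one that fails, compare the CN or subjectAltName in ldap.cert with the host part of the URI you connect to; a certificate issued for a hostname will not verify when the client connects by IP address.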