OpenLDAP, OpenSSL, and Fedora 10 Stop Liking One Another ?
Oscar Plameras
oscarplameras at gmail.com
Tue Feb 3 23:18:11 UTC 2009
I have these cyrus modules installed:
cyrus-sasl-md5-2.1.22-19.fc10.i386
cyrus-sasl-lib-2.1.22-19.fc10.i386
cyrus-sasl-krb4-2.1.22-19.fc10.i386
cyrus-sasl-plain-2.1.22-19.fc10.i386
cyrus-sasl-devel-2.1.22-19.fc10.i386
cyrus-sasl-2.1.22-19.fc10.i386
OPlameras
On Wed, Feb 4, 2009 at 9:59 AM, Rick Stevens <ricks at nerd.com> wrote:
> Oscar Plameras wrote:
>>
>> 1. System1 - I had 3 test servers running OpenLDAP-2.3.30-3.fc6,
>> OpenSSL-0.9.8b-15.fc6 on Linux-2.6.22.14-72.fc6.
>> And these were perfectly running with OPENSSL configured on
>> 'slapd.conf' as follows:
>>
>> lines cut
>> #
>> #
>> TLSCACertificateFile /etc/CA/cacert.pem
>> TLSCertificateFile /etc/pki/tls/newcert.pem
>> TLSCertificateKeyFile /etc/pki/tls/newkey.pem
>> #
>> #
>> lines cut
>>
>> When I do,
>>
>> #service ldap restart, and #ps -ax I have this
>>
>> slapd -h ldap:/// ldaps:/// -u ldap
>>
>> I can do simple unsecured or secured queries from here.
>>
>> 1. System2 - Now, I upgraded 2 test servers running
>> OpenLDAP-2.4.12-1.fc10, OpenSSL-0.9.8g-12.fc10 on
>> Linux-2.6.29-159.fc10.
>> Suddenly I can't start slapd correctly. The problem is after
>> configuring 'slapd.conf' with OPENSSL, as I did in System1 and I
>> do a
>>
>> #service ldap restart, and #ps -ax
>>
>> I found that I only have this process running:
>> slapd -h ldap:/// -u ldap. The ldaps:/// process did not start
>> suggesting I have incorrect certificates.
>> But I can confirm that my certificates are correct with several tests.
>>
>> I had expected this process:
>> slapd -h ldap:/// ldaps:/// -u ldap.
>>
>> So, when I do TLS secured query like:
>>
>> #ldapwhoami -x -H ldaps://hostname
>>
>> I got this:
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>
>> Has anyone had this problem on FC10 ?
>>
>> Notes:
>> 1. I can run this manually: #/usr/sbin/slapd -h ldap:/// ldaps:/// -u
>> ldap and saw slapd -h ldap:/// ldaps:/// -u ldap in my #ps -ax
>> I can do #ldapwhoami -x. But when I do a #ldapwhoami -x -H
>> ldaps://hostname I go error message can't connect to server.
>> 2. I can run this manually: #/usr/sbin/slapd -h ldaps:/// -u ldap
>> I can then test my certificates correctly but SSL does not appear to
>> have been started.
>
> OpenLDAP 2.4 uses SASL by default. Install cyrus-sasl-md5 and its
> requirements unless you always use simple binds.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer ricks at nerd.com -
> - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
> - -
> - "You think that's tough? Try herding cats!" -
> ----------------------------------------------------------------------
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>
More information about the fedora-list
mailing list