Re: any working documentation?
On Mon, 19 Aug 2019 20:26:28 +0100, Dmitri Seletski wrote:

> Hello.
>
> I am new to the list, so if you gonna beat me with your feet - please
> don't hit me in the face.
>
> I did not find help/user list. So post here.
>
> Where can I find working documentation for OpenLDAP?
>
> Most current i found:
>
> https://www.openldap.org/doc/admin24/quickstart.html
>
> It says nothing of TLS encryption. I fail to start service
>
> See output below:

It seems you use MOZNSS instead of openSSL, check slapd for the built-in ssl library.

> TLSMC: MozNSS compatibility interception begins.
> tlsmc_intercept_initialization: INFO: entry options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
> tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> tlsmc_intercept_initialization: INFO: altered options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> TLS: could not use certificate `OpenLDAP Server'.
> TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
> 5d5af51b main: TLS init def ctx failed: -1
> 5d5af51b slapd destroy: freeing system resources.
> 5d5af51b slapd stopped.
> 5d5af51b connections_destroy: nothing to destroy.
>
> Where can I submit errata to documentation maintainer?(as quick start
> clearly doesn't work in my default install of OpenLDAP on CentOS 7)

That is most likely because of MOZNSS in an OpenSSL environment or vice versa.

> And how can I start SLAPD without encryption?

Just disable TLS in slapd.conf and ldap.conf

[...]

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
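The failure in the log quoted above, as an added example that is not part of the thread: a small Python parser for the TLSMC shim output that reports which TLS option OpenSSL could not use after the NSS database failed to open. The function names are hypothetical, and reading a `certfile` value that is not an absolute path as an NSS certificate nickname is an interpretation of the log, not something the thread states.

```python
import re

# Excerpt of the slapd output quoted in the thread (unrelated lines dropped).
SAMPLE_LOG = """\
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
5d5af51b main: TLS init def ctx failed: -1
"""

SECTION = re.compile(r"INFO: (entry|altered) options follow:")
OPTION = re.compile(r"INFO: (cacertdir|certfile|keyfile) = `(.*)'")
REJECTED = re.compile(r"TLS: could not use certificate `(.*)'")


def parse_slapd_tls_log(text):
    """Collect the TLS options slapd logged before and after the MozNSS shim ran."""
    state = {"entry": {}, "altered": {}, "nss_db_failed": False,
             "openssl_only": False, "rejected": [], "init_failed": False}
    section = None
    for line in text.splitlines():
        if (m := SECTION.search(line)):
            section = m.group(1)
        elif section and (m := OPTION.search(line)):
            state[section][m.group(1)] = m.group(2)
        elif "could not initialize MozNSS context" in line:
            state["nss_db_failed"] = True
        elif "Continuing with OpenSSL only" in line:
            state["openssl_only"] = True
        elif (m := REJECTED.search(line)):
            state["rejected"].append(m.group(1))
        elif "TLS init def ctx failed" in line:
            state["init_failed"] = True
    return state


def diagnose(state):
    """Turn the parsed state into findings, most specific cause first."""
    findings = []
    if state["nss_db_failed"] and state["openssl_only"]:
        # Assumption: with no NSS DB, OpenSSL opens each value as a PEM file,
        # so a value that is not an absolute path cannot be loaded.
        for opt in ("certfile", "keyfile"):
            value = state["altered"].get(opt, "")
            if value and not value.startswith("/"):
                findings.append(f"{opt} `{value}' is not a file path; "
                                "OpenSSL will try to fopen() it as a PEM file")
    for opt, before in state["entry"].items():
        after = state["altered"].get(opt)
        if after is not None and after != before:
            findings.append(f"{opt} rewritten by the shim: {before} -> {after}")
    for value in state["rejected"]:
        findings.append(f"OpenSSL could not load certificate `{value}'")
    if state["init_failed"]:
        findings.append("slapd aborted: default TLS context could not be created")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_slapd_tls_log(SAMPLE_LOG)):
        print("-", finding)
```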
Antw: Re: any working documentation?
>>> Dmitri Seletski wrote on 20.08.2019 at 18:39 in message <8cb57eed-9577-6df9-2295-8958f04e7...@gmail.com>:

> Thank you very much for your response Dave.
>
> As per second link, I was able to create working copy of LDAP server,
> that did not crash on me complaining about encryption.
>
> So I can recreate working environment. I am not seeking to be able to
> mindlessly copy someone's config files and start service as 'my own'.
>
> Can someone suggest PDF book(which I am willing to buy, even if it's
> expensive, eastern European paying money for digital property, I know,
> right?) or some other non DRM book?
>
> Something that will give me good insight on LDAP.

Years ago there was an IBM Redbook named "Understanding LDAP Design and Implementation". Maybe it's still available. That you could use as start.

Regards,
Ulrich

>
> Thank you in advance.
>
> Dmitri Seletski
>
> On 20/08/2019 13:32, Dave Macias wrote:
>> There are a lot of great tutorials out there too:
>> https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
>> https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
>>
>> I would say try them all, get a feel for it and install/configure it
>> for your needs.
>> Openldap is a great software with many really cool schemas to expand usage
>> https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html
>>
>> Have fun!
>>
>> On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <mailto:drj...@gmail.com>> wrote:
>>
>> Please ignore last message.
>>
>> Apparently I have 2 hands, but both are left hands.(freshly cloned
>> OS with no existing preinstall seemed to work fine and works even
>> after 'systemctl stop slapd ; systemctl start slapd')
>>
>> Can anyone suggest good book for administration of OpenLDAP on
>> Linux/CentOS. Ideally for kid 5 and up, with many pictures and
>> suitable for 'late bloomer'.
>>
>> Thanks!
>>
>> Dmitri
>>
>> Forwarded Message
>> Subject: any working documentation?
>> Date: Mon, 19 Aug 2019 20:26:28 +0100
>> From: Dmitri Seletski <mailto:drj...@gmail.com>
>> To: openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>
>>
>> Hello.
>>
>> I am new to the list, so if you gonna beat me with your feet -
>> please don't hit me in the face.
>>
>> I did not find help/user list. So post here.
>>
>> Where can I find working documentation for OpenLDAP?
>>
>> Most current i found:
>>
>> https://www.openldap.org/doc/admin24/quickstart.html
>>
>> It says nothing of TLS encryption. I fail to start service
>>
>> See output below:
>>
>> TLSMC: MozNSS compatibility interception begins.
>> tlsmc_intercept_initialization: INFO: entry options follow:
>> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
>> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
>> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
>> tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
>> tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
>> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
>> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
>> tlsmc_intercept_initialization: INFO: altered options follow:
>> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
>> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
>> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
>> tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
>> TLSMC: MozNSS compatibility interception ends.
>> TLS: could not use certificate `OpenLDAP Server'.
>> TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
>> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
>> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:sys
Re: any working documentation?
Thank you very much for your response Dave.

As per second link, I was able to create working copy of LDAP server, that did not crash on me complaining about encryption.

So I can recreate working environment. I am not seeking to be able to mindlessly copy someone's config files and start service as 'my own'.

Can someone suggest PDF book(which I am willing to buy, even if it's expensive, eastern European paying money for digital property, I know, right?) or some other non DRM book?

Something that will give me good insight on LDAP.

Thank you in advance.

Dmitri Seletski

On 20/08/2019 13:32, Dave Macias wrote:

There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html

I would say try them all, get a feel for it and install/configure it for your needs.
Openldap is a great software with many really cool schemas to expand usage
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun!

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <mailto:drj...@gmail.com>> wrote:

Please ignore last message.

Apparently I have 2 hands, but both are left hands.(freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd')

Can anyone suggest good book for administration of OpenLDAP on Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.

Thanks!

Dmitri

Forwarded Message
Subject: any working documentation?
Date: Mon, 19 Aug 2019 20:26:28 +0100
From: Dmitri Seletski <mailto:drj...@gmail.com>
To: openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>

Hello.

I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:

TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.

Where can I submit errata to documentation maintainer?(as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri
Re: any working documentation?
There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html

I would say try them all, get a feel for it and install/configure it for your needs.
Openldap is a great software with many really cool schemas to expand usage
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun!

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski wrote:

> Please ignore last message.
>
> Apparently I have 2 hands, but both are left hands.(freshly cloned OS with
> no existing preinstall seemed to work fine and works even after 'systemctl
> stop slapd ; systemctl start slapd')
>
> Can anyone suggest good book for administration of OpenLDAP on
> Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for
> 'late bloomer'.
> Thanks!
>
> Dmitri
>
> ---- Forwarded Message ----
> Subject: any working documentation?
> Date: Mon, 19 Aug 2019 20:26:28 +0100
> From: Dmitri Seletski
> To: openldap-technical@openldap.org
>
> Hello.
>
> I am new to the list, so if you gonna beat me with your feet - please
> don't hit me in the face.
>
> I did not find help/user list. So post here.
>
> Where can I find working documentation for OpenLDAP?
>
> Most current i found:
>
> https://www.openldap.org/doc/admin24/quickstart.html
>
> It says nothing of TLS encryption. I fail to start service
>
> See output below:
>
> TLSMC: MozNSS compatibility interception begins.
> tlsmc_intercept_initialization: INFO: entry options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
> tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> tlsmc_intercept_initialization: INFO: altered options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> TLS: could not use certificate `OpenLDAP Server'.
> TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
> 5d5af51b main: TLS init def ctx failed: -1
> 5d5af51b slapd destroy: freeing system resources.
> 5d5af51b slapd stopped.
> 5d5af51b connections_destroy: nothing to destroy.
>
> Where can I submit errata to documentation maintainer?(as quick start
> clearly doesn't work in my default install of OpenLDAP on CentOS 7)
>
> And how can I start SLAPD without encryption?
>
> I can generate self signed private/public key and make ln -s of my CA cert
> folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary.
> At least on 'try out' step.
>
> Thanks in advance
>
> Dmitri
RE: any working documentation?
http://www.openldap.org/doc/admin24/tls.html

And maybe something like this:
https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html

-Original Message-
From: Dmitri Seletski [mailto:drj...@gmail.com]
Sent: Monday 19 August 2019 21:26
To: openldap-technical@openldap.org
Subject: any working documentation?

Hello.

I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:

TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.

Where can I submit errata to documentation maintainer?(as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri
Fwd: any working documentation?
Please ignore last message.

Apparently I have 2 hands, but both are left hands.(freshly cloned OS with no existing preinstall seemed to work fine and works even after 'systemctl stop slapd ; systemctl start slapd')

Can anyone suggest good book for administration of OpenLDAP on Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for 'late bloomer'.

Thanks!

Dmitri

Forwarded Message
Subject: any working documentation?
Date: Mon, 19 Aug 2019 20:26:28 +0100
From: Dmitri Seletski
To: openldap-technical@openldap.org

Hello.

I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:

TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.

Where can I submit errata to documentation maintainer?(as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri
any working documentation?
Hello.

I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:

TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.

Where can I submit errata to documentation maintainer?(as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri