Re: any working documentation?

2019-08-21 Thread Dieter Klünter
On Mon, 19 Aug 2019 20:26:28 +0100,
Dmitri Seletski wrote:

> Hello.
> 
> 
> I am new to the list, so if you gonna beat me with your feet - please 
> don't hit me in the face.
> 
> I did not find help/user list. So post here.
> 
> Where can I find working documentation for OpenLDAP?
> 
> Most current i found:
> 
> https://www.openldap.org/doc/admin24/quickstart.html
> 
> It says nothing of TLS encryption. I fail to start service
> 
> See output below:

It seems you use MOZNSS instead of openSSL, check slapd for the
built-in ssl library.

> TLSMC: MozNSS compatibility interception begins.
> tlsmc_intercept_initialization: INFO: entry options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_convert: INFO: trying to open NSS DB with CACertDir = 
> `/etc/openldap/certs'.
> tlsmc_open_nssdb: INFO: trying to initialize moznss using security
> dir `/etc/openldap` prefix `certs`.
> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> tlsmc_intercept_initialization: INFO: altered options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = 
> `/etc/openldap/certs/password'
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS 
> initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> TLS: could not use certificate `OpenLDAP Server'.
> TLS: error:02001002:system library:fopen:No such file or directory 
> bss_file.c:402
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
> lib ssl_rsa.c:468
> 5d5af51b main: TLS init def ctx failed: -1
> 5d5af51b slapd destroy: freeing system resources.
> 5d5af51b slapd stopped.
> 5d5af51b connections_destroy: nothing to destroy.
> 
> 
> 
> Where can I submit errata to documentation maintainer?(as quick start 
> clearly doesn't work in my default install of OpenLDAP on CentOS 7)

That is most likely because of MOZNSS in an OpenSSL environment or vice
versa.

> And how can I start SLAPD without encryption?

Just disable TLS in slapd.conf and ldap.conf
 
[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
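
The start-up failure in the log quoted above, as an added example that is not part of any message in this thread: a small Python parser that reads the TLSMC lines, keeps the last value logged for each option (the "altered options" block) and flags certfile/keyfile values that are not absolute paths or do not exist. The function names and reason codes are made up for this example; the sample log is copied from the thread, and reading a non-path certfile as an NSS-style nickname is an interpretation of the reply above.

```python
import os
import re

# Excerpt of the slapd output posted in this thread, with the mail
# client's line wrapping left in place.
SAMPLE_LOG = """\
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile =
`/etc/openldap/certs/password'
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile =
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
5d5af51b main: TLS init def ctx failed: -1
"""

# One TLSMC option line: name = `value'
OPTION_RE = re.compile(r"INFO: (cacertdir|certfile|keyfile) = `([^']*)'")


def flatten(log_text):
    """Undo mail-client wrapping by collapsing all whitespace runs."""
    return " ".join(log_text.split())


def effective_tls_options(log_text):
    """Return the last value logged for each TLS option.

    The options are logged twice (entry, then altered); the later
    block is what slapd continues with, so later matches win.
    """
    options = {}
    for name, value in OPTION_RE.findall(flatten(log_text)):
        options[name] = value
    return options


def diagnose(log_text, exists=os.path.exists):
    """Summarise the TLS start-up failure (hypothetical helper)."""
    flat = flatten(log_text)
    report = {
        "nss_init_failed": "could not initialize MozNSS context" in flat,
        "openssl_fallback": "Continuing with OpenSSL only" in flat,
        "startup_failed": "TLS init def ctx failed" in flat,
        "options": effective_tls_options(log_text),
        "findings": [],
    }
    for name in ("certfile", "keyfile"):
        value = report["options"].get(name)
        if value is None:
            continue
        if not value.startswith("/"):
            # OpenSSL opens this as a file name; an NSS-style
            # certificate nickname would look like this.
            report["findings"].append((name, value, "not-a-path"))
        elif not exists(value):
            report["findings"].append((name, value, "missing-file"))
    return report


if __name__ == "__main__":
    for name, value, reason in diagnose(SAMPLE_LOG)["findings"]:
        print(f"{name} = {value!r}: {reason}")
```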



Antw: Re: any working documentation?

2019-08-21 Thread Ulrich Windl
>>> Dmitri Seletski wrote on 20.08.2019 at 18:39 in message
<8cb57eed-9577-6df9-2295-8958f04e7...@gmail.com>:
> Thank you very much for your response Dave.
> 
> 
> As per second link, I was able to create working copy of LDAP server, 
> that did not crash on me complaining about encryption.
> 
> So I can recreate working environment. I am not seeking to be able to 
> mindlessly copy someone's config files and start service as 'my own'.
> 
> Can someone suggest PDF book(which I am willing to buy, even if it's 
> expensive, eastern European paying money for digital property, I know, 
> right?) or some other non DRM book?
> 
> Something that will give me good insight on LDAP.

Years ago there was an IBM Redbook named "Understanding LDAP
Design and Implementation". Maybe it's still available. That you could use as
a start.

Regards,
Ulrich


> 
> Thank you in advance.
> 
> Dmitri Seletski
> 
> On 20/08/2019 13:32, Dave Macias wrote:
>> There are a lot of great tutorials out there too:
>> https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/ 
>> 
>> https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
>>
>>
>> I would say try them all, get a feel for it and install/configure it 
>> for your needs.
>> Openldap is a great software with many really cool schemas to expand usage
>> https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html 
>>
>> Have fun!
>>
>> On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <mailto:drj...@gmail.com> wrote:
>>
>> Please ignore last message.
>>
>> Apparently I have 2 hands, but both are left hands.(freshly cloned
>> OS with no existing preinstall seemed to work fine and works even
>> after 'systemctl stop slapd ; systemctl start slapd')
>>
>> Can anyone suggest good book for administration of OpenLDAP on
>> Linux/CentOS. Ideally for kid 5 and up, with many pictures and
>> suitable for 'late bloomer'.
>>
>> Thanks!
>>
>> Dmitri
>>
>> ---- Forwarded Message ----
>> Subject: any working documentation?
>> Date: Mon, 19 Aug 2019 20:26:28 +0100
>> From: Dmitri Seletski <mailto:drj...@gmail.com>
>> To: openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>
>>
>>
>>
>> Hello.
>>
>>
>> I am new to the list, so if you gonna beat me with your feet -
>> please don't hit me in the face.
>>
>> I did not find help/user list. So post here.
>>
>> Where can I find working documentation for OpenLDAP?
>>
>> Most current i found:
>>
>> https://www.openldap.org/doc/admin24/quickstart.html 
>>
>> It says nothing of TLS encryption. I fail to start service
>>
>> See output below:
>>
>>
>>
>> TLSMC: MozNSS compatibility interception begins.
>> tlsmc_intercept_initialization: INFO: entry options follow:
>> tlsmc_intercept_initialization: INFO: cacertdir =
>> `/etc/openldap/certs'
>> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
>> tlsmc_intercept_initialization: INFO: keyfile =
>> `/etc/openldap/certs/password'
>> tlsmc_convert: INFO: trying to open NSS DB with CACertDir =
>> `/etc/openldap/certs'.
>> tlsmc_open_nssdb: INFO: trying to initialize moznss using security
>> dir `/etc/openldap` prefix `certs`.
>> tlsmc_open_nssdb: WARN: could not initialize MozNSS context -
>> error -8015.
>> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM
>> configuration is present.
>> tlsmc_intercept_initialization: INFO: altered options follow:
>> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
>> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
>> tlsmc_intercept_initialization: INFO: keyfile =
>> `/etc/openldap/certs/password'
>> tlsmc_intercept_initialization: INFO: successfully intercepted TLS
>> initialization. Continuing with OpenSSL only.
>> TLSMC: MozNSS compatibility interception ends.
>> TLS: could not use certificate `OpenLDAP Server'.
>> TLS: error:02001002:system library:fopen:No such file or directory
>> bss_file.c:402
>> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
>> TLS: error:140AD002:SSL
>> routines:SSL_CTX_use_certificate_file:sys

Re: any working documentation?

2019-08-20 Thread Dmitri Seletski

Thank you very much for your response Dave.


As per second link, I was able to create working copy of LDAP server, 
that did not crash on me complaining about encryption.


So I can recreate working environment. I am not seeking to be able to 
mindlessly copy someone's config files and start service as 'my own'.


Can someone suggest PDF book(which I am willing to buy, even if it's 
expensive, eastern European paying money for digital property, I know, 
right?) or some other non DRM book?


Something that will give me good insight on LDAP.

Thank you in advance.

Dmitri Seletski

On 20/08/2019 13:32, Dave Macias wrote:

There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html 



I would say try them all, get a feel for it and install/configure it 
for your needs.

Openldap is a great software with many really cool schemas to expand usage
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun!

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski <mailto:drj...@gmail.com> wrote:


Please ignore last message.

Apparently I have 2 hands, but both are left hands.(freshly cloned
OS with no existing preinstall seemed to work fine and works even
after 'systemctl stop slapd ; systemctl start slapd')

Can anyone suggest good book for administration of OpenLDAP on
Linux/CentOS. Ideally for kid 5 and up, with many pictures and
suitable for 'late bloomer'.

Thanks!

Dmitri

---- Forwarded Message ----
Subject: any working documentation?
Date: Mon, 19 Aug 2019 20:26:28 +0100
From: Dmitri Seletski <mailto:drj...@gmail.com>
To: openldap-technical@openldap.org <mailto:openldap-technical@openldap.org>



Hello.


I am new to the list, so if you gonna beat me with your feet -
please don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:



TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir =
`/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile =
`/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir =
`/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security
dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context -
error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM
configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile =
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory
bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL
routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.



Where can I submit errata to documentation maintainer?(as quick
start clearly doesn't work in my default install of OpenLDAP on
CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my
CA cert folder to 'cacertdir = `/etc/openldap'', but this seems
SOOO unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri



Re: any working documentation?

2019-08-20 Thread Dave Macias
There are a lot of great tutorials out there too:
https://linuxhostsupport.com/blog/how-to-install-ldap-on-centos-7/
https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html


I would say try them all, get a feel for it and install/configure it for
your needs.
Openldap is a great software with many really cool schemas to expand usage
https://fossies.org/linux/ldap-account-manager/docs/manual/apa.html

Have fun!

On Mon, Aug 19, 2019 at 7:06 PM Dmitri Seletski  wrote:

> Please ignore last message.
>
> Apparently I have 2 hands, but both are left hands.(freshly cloned OS with
> no existing preinstall seemed to work fine and works even after 'systemctl
> stop slapd ; systemctl start slapd')
>
> Can anyone suggest good book for administration of OpenLDAP on
> Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable for
> 'late bloomer'.
> Thanks!
>
> Dmitri
>
> ---- Forwarded Message ----
> Subject: any working documentation?
> Date: Mon, 19 Aug 2019 20:26:28 +0100
> From: Dmitri Seletski  
> To: openldap-technical@openldap.org
>
> Hello.
>
>
> I am new to the list, so if you gonna beat me with your feet - please
> don't hit me in the face.
>
> I did not find help/user list. So post here.
>
> Where can I find working documentation for OpenLDAP?
>
> Most current i found:
>
> https://www.openldap.org/doc/admin24/quickstart.html
>
> It says nothing of TLS encryption. I fail to start service
>
> See output below:
>
>
>
> TLSMC: MozNSS compatibility interception begins.
> tlsmc_intercept_initialization: INFO: entry options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile =
> `/etc/openldap/certs/password'
> tlsmc_convert: INFO: trying to open NSS DB with CACertDir =
> `/etc/openldap/certs'.
> tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir
> `/etc/openldap` prefix `certs`.
> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
> is present.
> tlsmc_intercept_initialization: INFO: altered options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile =
> `/etc/openldap/certs/password'
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS
> initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> TLS: could not use certificate `OpenLDAP Server'.
> TLS: error:02001002:system library:fopen:No such file or directory
> bss_file.c:402
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
> ssl_rsa.c:468
> 5d5af51b main: TLS init def ctx failed: -1
> 5d5af51b slapd destroy: freeing system resources.
> 5d5af51b slapd stopped.
> 5d5af51b connections_destroy: nothing to destroy.
>
>
>
> Where can I submit errata to documentation maintainer?(as quick start
> clearly doesn't work in my default install of OpenLDAP on CentOS 7)
>
> And how can I start SLAPD without encryption?
>
> I can generate self signed private/public key and make ln -s of my CA cert
> folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary.
> At least on 'try out' step.
>
> Thanks in advance
>
> Dmitri
>
>


RE: any working documentation?

2019-08-20 Thread Marc Roos
 
http://www.openldap.org/doc/admin24/tls.html

And maybe something like this:
https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html



-----Original Message-----
From: Dmitri Seletski [mailto:drj...@gmail.com]
Sent: Monday 19 August 2019 21:26
To: openldap-technical@openldap.org
Subject: any working documentation?

Hello.


I am new to the list, so if you gonna beat me with your feet - please 
don't hit me in the face.

I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:



TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = 
`/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir 
`/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error 
-8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration 
is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS 
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory
bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.



Where can I submit errata to documentation maintainer?(as quick start 
clearly doesn't work in my default install of OpenLDAP on CentOS 7)

And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA 
cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO 
unnecessary. At least on 'try out' step.

Thanks in advance

Dmitri







Fwd: any working documentation?

2019-08-19 Thread Dmitri Seletski

Please ignore last message.

Apparently I have 2 hands, but both are left hands.(freshly cloned OS 
with no existing preinstall seemed to work fine and works even after 
'systemctl stop slapd ; systemctl start slapd')


Can anyone suggest good book for administration of OpenLDAP on 
Linux/CentOS. Ideally for kid 5 and up, with many pictures and suitable 
for 'late bloomer'.


Thanks!

Dmitri

---- Forwarded Message ----
Subject: any working documentation?
Date: Mon, 19 Aug 2019 20:26:28 +0100
From: Dmitri Seletski
To: openldap-technical@openldap.org



Hello.


I am new to the list, so if you gonna beat me with your feet - please 
don't hit me in the face.


I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:



TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = 
`/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir 
`/etc/openldap` prefix `certs`.

tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration 
is present.

tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS 
initialization. Continuing with OpenSSL only.

TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory 
bss_file.c:402

TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib 
ssl_rsa.c:468

5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.



Where can I submit errata to documentation maintainer?(as quick start 
clearly doesn't work in my default install of OpenLDAP on CentOS 7)


And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA 
cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO 
unnecessary. At least on 'try out' step.


Thanks in advance

Dmitri



any working documentation?

2019-08-19 Thread Dmitri Seletski

Hello.


I am new to the list, so if you gonna beat me with your feet - please 
don't hit me in the face.


I did not find help/user list. So post here.

Where can I find working documentation for OpenLDAP?

Most current i found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start service

See output below:



TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = 
`/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir 
`/etc/openldap` prefix `certs`.

tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration 
is present.

tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS 
initialization. Continuing with OpenSSL only.

TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory 
bss_file.c:402

TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib 
ssl_rsa.c:468

5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.



Where can I submit errata to documentation maintainer?(as quick start 
clearly doesn't work in my default install of OpenLDAP on CentOS 7)


And how can I start SLAPD without encryption?

I can generate self signed private/public key and make ln -s of my CA 
cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO 
unnecessary. At least on 'try out' step.


Thanks in advance

Dmitri