> hi all, > > This is regarding my previous problem of filling the ldap directory as > per given on lifewithqmail website. > > After makeing all the entries as per the website steps i ran the > following command and had this error. > > [EMAIL PROTECTED] ~]# ldapadd -acrv -h ldap.vvdesign.com -D > "cn=admin,o=localhost,c=com" -w admin -f ldif > [EMAIL PROTECTED] ~]# ldap_initialize( ldap://ldap.vvdesign.com ) > [EMAIL PROTECTED] ~]# ldap_sasl_interactive_bind_s: Can't contact LDAP server > (-1) > > > Then one of our mailing list friend (costa)suggest this command to me > which also gave error. > > [EMAIL PROTECTED] ~]# ldapadd -x -v -w admin -D "cn=admin,o=localhost,c=com" > -fldif -Z > ldap_initialize( <DEFAULT> ) ldap_start_tls: Connect error (-11) > additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure ldap_bind: Can't contact LDAP server (-1) > additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure > > > My OS is version is as folllows > > > [EMAIL PROTECTED] ~]# cat /etc/redhat-release > PCQLinux 2005 (WhiteHope) > [EMAIL PROTECTED] ~]# uname -r > 2.6.10-1.741_FC3 > > > > My slapd.conf file entries are as follows. > > > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /etc/openldap/schema/core.schema include > /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/inetorgperson.schema include > /etc/openldap/schema/nis.schema > include /etc/openldap/schema/qmail.schema > > # Allow LDAPv2 client connections. This is NOT the default. > allow bind_v2 > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > > pidfile /var/run/slapd.pid argsfile /var/run/slapd.args > > # Load dynamic backend modules: > # modulepath /usr/sbin/openldap > # moduleload back_bdb.la > # moduleload back_ldap.la > # moduleload back_ldbm.la > # moduleload back_passwd.la > # moduleload back_shell.la > > > > ####################################################################### > # ldbm and/or bdb database definitions > ####################################################################### > > > database ldbm suffix "o=localhost, c=com" rootdn > "cn=admin, o=localhost, c=com" > > > #database bdb > #suffix "dc=my-domain,dc=com" > #rootdn "cn=Manager,dc=my-domain,dc=com" > # Cleartext passwords, especially for the rootdn, should > # be avoided. See slappasswd(8) and slapd.conf(5) for details. > # Use of strong authentication encouraged. > rootpw admin # rootpw secret > # rootpw {crypt}ijFYNcSNctBYg > > > # The database directory MUST exist prior to running slapd AND > # should only be accessible by the slapd and slap tools. > # Mode 700 recommended. > directory /var/lib/ldap > > # Indices to maintain for this database > index objectClass eq,pres index > ou,cn,mail,surname,givenname eq,pres,sub index > uidNumber,gidNumber,loginShell eq,pres index uid,memberUid > eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub > > # Replicas of this database > #replogfile /var/lib/ldap/openldap-master-replog > #replica host=ldap-1.example.com:389 starttls=critical > # bindmethod=sasl saslmech=GSSAPI > # authcId=host/[EMAIL PROTECTED] > > > These are the ldap rpm's loaded im my machine > > > [EMAIL PROTECTED] openldap]# rpm -qa |grep ldap > openldap-2.2.13-2 php-ldap-4.3.9-3 nss_ldap-220-3 mod_authz_ldap-0.26-2 > openldap-servers-2.2.13-2 openldap-clients-2.2.13-2 openldap-devel-2.2.13-2 > > > What steps i need to carry out to solve this issue since its all most a > week now with this problem.
1. make sure that problem is not caused by LDAP certificate validation. Check TLS_REQCERT option in ldap.conf (man ldap.conf). 2. ldapadd defaults to localhost connection. Use -H option with correct URI, if you must use TLS. Check -H option in 'man ldapadd' and URI syntax in 'man ldap_url_parse' 3. don't use TLS on local connections. Check -Z option in 'man ldapadd'. If you are afraid that loopback interface is sniffed, get your compromised machine offline and reinstall it. -- Tomas
