I’ve been pulling my hair out for 3 days now trying to configure LDAP. I first tried installing from source but then reinstalled using apt-get, which caused some migration errors, but I believe those are all resolved. I am able to execute ldapsearch -x and its cousins when I properly specify a root DN (for some reason the base specified in ldap.conf isn’t working), which I assume indicates that the server is functioning properly; I have also verified below that the server is listening. However, I’m trying to set up SSL, and I understand that the version I installed through apt-get needs to be configured in cn=config, and therefore I must use the -H ldapi:/// -Y EXTERNAL options below; however, it is unable to contact the server when I try.
    root@aeneas:/tmp/ldap# ldapmodify -H ldapi:/// -Y EXTERNAL -D 'cn=config' -f ./modify.ldif
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
    root@aeneas:/tmp/ldap# netstat -plane | grep slapd
    tcp        0      0 0.0.0.0:389     0.0.0.0:*   LISTEN   0   53158   11280/slapd
    tcp        0      0 0.0.0.0:636     0.0.0.0:*   LISTEN   0   53163   11280/slapd
    tcp6       0      0 :::389          :::*        LISTEN   0   53159   11280/slapd
    tcp6       0      0 :::636          :::*        LISTEN   0   53164   11280/slapd
    unix  2      [ ACC ]     STREAM     LISTENING     53160    11280/slapd          /var/run/slapd/ldapi
    unix  2      [ ]         DGRAM                    53154    11280/slapd
    root@aeneas:/tmp/ldap# cat ./modify.ldif
    dn: cn=config
    changetype: modify
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ldap/ssl/cacert.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ldap/ssl/servercrt.pem
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/lda/pssl/serverkey.pem
I later disabled ldaps:/// listening on port 636, suspecting that ldapmodify was contacting the SSL server by default and then quitting when not given a certificate, but this had no effect.
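A preflight script for this kind of cn=config TLS change, added here as an example and not part of the question above. Before running ldapmodify over ldapi:/// it checks two things that the output above makes visible: that a Unix socket actually exists at the ldapi path slapd reports (/var/run/slapd/ldapi here), and that every olcTLS*File path named in the LDIF points at a readable file, so a mistyped directory is caught before slapd rejects the change. The LDIF files and empty certificate files it uses are constructed in a temporary directory; the helper names check_ldapi_socket and check_tls_ldif are my own.

```shell
#!/bin/sh
# Preflight for a cn=config TLS change applied with
#   ldapmodify -H ldapi:/// -Y EXTERNAL -f modify.ldif
# Added example (not from the original question). The LDIF and the
# certificate files below are constructed in a temp directory.

# check_ldapi_socket PATH -> 0 if PATH is a Unix socket, else 1.
# ldapi:/// with no path uses slapd's default socket; if slapd was started
# with a different ldapi path (see its -h / SLAPD_SERVICES setting), the
# client cannot reach it and reports "Can't contact LDAP server".
check_ldapi_socket() {
    if [ -S "$1" ]; then
        return 0
    fi
    echo "no ldapi socket at $1" >&2
    return 1
}

# check_tls_ldif LDIF -> 0 if every olcTLS*File value in the LDIF is a
# readable file, else 1, naming each bad path on stderr.
check_tls_ldif() {
    rc=0
    # awk prints the value after "olcTLSCACertificateFile:",
    # "olcTLSCertificateFile:" or "olcTLSCertificateKeyFile:".
    for path in $(awk '/^olcTLS(CACertificate|Certificate|CertificateKey)File:/ { print $2 }' "$1"); do
        if [ ! -r "$path" ]; then
            echo "unreadable or missing: $path" >&2
            rc=1
        fi
    done
    return $rc
}

# --- constructed demo data (empty placeholder cert files) ---
DEMO_DIR=$(mktemp -d)
mkdir -p "$DEMO_DIR/ssl"
: > "$DEMO_DIR/ssl/cacert.pem"
: > "$DEMO_DIR/ssl/servercrt.pem"
: > "$DEMO_DIR/ssl/serverkey.pem"

# LDIF whose three paths all exist.
GOOD_LDIF="$DEMO_DIR/good.ldif"
cat > "$GOOD_LDIF" <<EOF
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: $DEMO_DIR/ssl/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: $DEMO_DIR/ssl/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $DEMO_DIR/ssl/serverkey.pem
EOF

# Same change, but the key path names a directory that does not exist.
BAD_LDIF="$DEMO_DIR/bad.ldif"
cat > "$BAD_LDIF" <<EOF
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: $DEMO_DIR/ssl/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: $DEMO_DIR/ssl/servercrt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $DEMO_DIR/sl/serverkey.pem
EOF

echo "== good LDIF =="
check_tls_ldif "$GOOD_LDIF" && echo "all TLS files readable"
echo "== bad LDIF =="
check_tls_ldif "$BAD_LDIF" || echo "fix the LDIF before running ldapmodify"
echo "== ldapi socket =="
check_ldapi_socket /var/run/slapd/ldapi || echo "slapd is not listening on that ldapi path"
# $DEMO_DIR is left in place for inspection; remove it with rm -rf when done.
```

Run it as root on the LDAP host and feed check_tls_ldif the real modify.ldif; if both checks pass, the remaining suspects for "Can't contact LDAP server" are the socket's permissions and the ldapi path slapd was actually started with, rather than the LDIF contents.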