LDAP Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Joe Sheehan wrote:
> Has anyone seen this before? Possible causes? Thanks Joe
>
>
> Start Slapd Server Config
>
> FATAL Slapd ERROR LDAP authentication failed for url: 
> ldap://nodename.my.nis:1389             Netscaperoot user id admin 
> (151: unknown error)
This usually indicates a problem with DNS or reverse DNS setup.
>
> Fatal slapd did not add directory server information into 
> configuration server
>
> ...
>
>
>
>
>> From: Richard Megginson <rmeggins at redhat.com>
>> Reply-To: "General discussion list for the Fedora Directory server 
>> project." <fedora-directory-users at redhat.com>
>> To: "General discussion list for the Fedora Directory server 
>> project." <fedora-directory-users at redhat.com>
>> Subject: Re: Error at work of the utility 
>> ldapsearch.
>> Date: Fri, 04 Aug 2006 09:45:37 -0600
>>
>> One problem may be that you have to specify some additional option 
>> when creating the MS CA cert or server certs issued by this CA.  Is 
>> this a root CA or did you get a CA certificate from somewhere else?
>>
>> Do this:
>> cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P 
>> slapd-asterisk1- -L -n ad-cert
>>
>> Safonov Alexey wrote:
>>> Thanks Richard!
>>>
>>> In my opinion it the certificate of the CA. Certificates you can see 
>>> details
>>> of reception of it on a screenshot (see the attached file)
>>>
>>> Safonov Alexey
>>>
>>> -----Original Message-----
>>> From: fedora-directory-users-bounces at redhat.com
>>> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>>> Megginson
>>> Sent: Friday, July 28, 2006 5:45 PM
>>> To: General discussion list for the Fedora Directory server project.
>>> Subject: Re: Error at work of the utility
>>> ldapsearch.
>>>
>>>
>>> Safonov Alexey wrote:
>>>
>>>> Thanks Richard!
>>>>
>>>> Now I start so:
>>>> [root at asterisk1 bin]# ./ldapsearch -Z -P
>>>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K
>>>> /opt/fedora-ds/alias/slapd-asterisk1-key3.db  -h
>>>> rv-vm1.mup-example.vrn.ru  -p 636 -D
>>>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v
>>>>
>>>> Also I receive a error:
>>>>
>>>> ldapsearch: started Fri Jul 28 16:21:39 2006
>>>>
>>>> ldap_init( srv-vm1.mup-example.vrn.ru, 636 )
>>>> ldaptool_getcertpath -- /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
>>>> ldaptool_getkeypath -- /opt/fedora-ds/alias/slapd-asterisk1-key3.db
>>>> ldaptool_getmodpath -- (null)
>>>> ldaptool_getdonglefilename -- (null)
>>>> ldap_simple_bind: Can't contact LDAP server
>>>>         SSL error -8156 (Issuer certificate is invalid.)
>>>>
>>>> Though the certificate ad-cert (from Windows DC) is established. The
>>>>
>>> utility
>>>
>>>> certutil and Fedora Management Console (Manage Certificates) shows it.
>>>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>>> slapd-asterisk1-
>>>> CA certificate                 CTu,u,u
>>>> server-cert                    u,u,u
>>>> Server-Cert                    u,u,u
>>>> ad-cert                        CT,C,C
>>>>
>>>> Help my!
>>>>
>>>>
>>> Is ad-cert the certificate of the AD server or the certificate of 
>>> the CA
>>> that issued the AD cert?  An SSL client only needs to trust the CA cert
>>> of the issuer of the server certs it wants to use.
>>>
>>>> Safonov Alexey
>>>>
>>>> -----Original Message-----
>>>> From: fedora-directory-users-bounces at redhat.com
>>>> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>>>> Megginson
>>>> Sent: Thursday, July 27, 2006 7:36 PM
>>>> To: General discussion list for the Fedora Directory server project.
>>>> Subject: Re: Error at work of the utility
>>>> ldapsearch.
>>>>
>>>>
>>>> Safonov Alexey wrote:
>>>>
>>>>
>>>>> Hi !
>>>>>
>>>>> I ask to help to solve a problem with the utility ldapsearch.
>>>>>
>>>>> is a problem to carry out synchronization between FDS and AD. Has 
>>>>> made
>>>>>
>>> the
>>>
>>>>> following:
>>>>> 1) Install FDS
>>>>> 2) Configuring SSL Enabled FDS. For this purpose has started script
>>>>> setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh)
>>>>>
>>> from
>>>
>>>>> HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
>>>>> 3) Restart FDS.
>>>>>    netstat -atupn | grep ns-
>>>>> tcp  0      0 :::389         :::*       LISTEN      6039/ns-slapd
>>>>> tcp  0      0 :::636         :::*       LISTEN      6039/ns-slapd
>>>>> 4) Enable SSL on AD.
>>>>> Install Certificate Service
>>>>> Check util ldp.exe:
>>>>> Connected param: Server- srv-vm1.mup-example.vrn.ru
>>>>>                  Port  - 636
>>>>>                  Checkbox "SSL"
>>>>> ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
>>>>> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
>>>>> LDAP_VERSION3);
>>>>> Error <0x0> = ldap_connect(hLdap, NULL);
>>>>> Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
>>>>> Host supports SSL, SSL cipher strength = 128 bits
>>>>> Established connection to srv-vm1.mup-example.vrn.ru.
>>>>> Retrieving base DSA information...
>>>>> .....
>>>>> 5) Import AD CA certificate in DER mode.
>>>>> 6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
>>>>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>>>> slapd-asterisk1-
>>>>> CA certificate                         CTu,u,u
>>>>> server-cert                            u,u,u
>>>>> Server-Cert                            u,u,u
>>>>> ad-cert                                CT,C,C <- install this
>>>>>
>>>>> 6) [root at asterisk1 alias]# ldapsearch -Z -P
>>>>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
>>>>> rv-vm1.mup-example.vrn.ru  -p 636 -D
>>>>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>>>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>>>>>
>>>>>
>>>>>
>>>> That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses
>>>> openssl for crypto, which is completely different than NSS.  You 
>>>> need to
>>>> use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>>>> cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>>>
>>>>
>>>>> Error:
>>>>> ldapsearch: unabel to parse protocol version
>>>>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>>>
>>>>> Help my!
>>>>> Thanks
>>>>>
>>>>> ------------------------------------------------------
>>>>> My Setup:
>>>>>
>>>>> Fedora Core 5 (i386)
>>>>> Fedora Directory Server 1.0.2
>>>>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>> ------------------------------------------------------
>>>>>
>>>> use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>>>> cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>>>
>>>>
>>>>> Error:
>>>>> ldapsearch: unabel to parse protocol version
>>>>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>>>
>>>>> Help my!
>>>>> Thanks
>>>>>
>>>>> ------------------------------------------------------
>>>>> My Setup:
>>>>>
>>>>> Fedora Core 5 (i386)
>>>>> Fedora Directory Server 1.0.2
>>>>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>> ------------------------------------------------------
>>>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> ------------------------------------------------------------------------ 
>>>
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>
>
>> << smime.p7s >>
>
>
>
>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060804/1c1db493/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux