LDAP Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



google(ing) for this - it basically says the same thing as you've stated.
Is there a way to fix this by hand or is LDAP corrupted beyond fixing unless 
you
uninstall and re-install.

Joe


>From: Richard Megginson <rmeggins at redhat.com>
>Reply-To: "General discussion list for the Fedora Directory server 
>project." <fedora-directory-users at redhat.com>
>To: "General discussion list for the Fedora Directory server project." 
><fedora-directory-users at redhat.com>
>Subject: Re: LDAP Error
>Date: Fri, 04 Aug 2006 14:04:23 -0600
>
>Joe Sheehan wrote:
>>Has anyone seen this before? Possible causes? Thanks Joe
>>
>>
>>Start Slapd Server Config
>>
>>FATAL Slapd ERROR LDAP authentication failed for url: 
>>ldap://nodename.my.nis:1389             Netscaperoot user id admin (151: 
>>unknown error)
>This usually indicates a problem with DNS or reverse DNS setup.
>>
>>Fatal slapd did not add directory server information into configuration 
>>server
>>
>>...
>>
>>
>>
>>
>>>From: Richard Megginson <rmeggins at redhat.com>
>>>Reply-To: "General discussion list for the Fedora Directory server 
>>>project." <fedora-directory-users at redhat.com>
>>>To: "General discussion list for the Fedora Directory server project." 
>>><fedora-directory-users at redhat.com>
>>>Subject: Re: Error at work of the utility 
>>>ldapsearch.
>>>Date: Fri, 04 Aug 2006 09:45:37 -0600
>>>
>>>One problem may be that you have to specify some additional option when 
>>>creating the MS CA cert or server certs issued by this CA.  Is this a 
>>>root CA or did you get a CA certificate from somewhere else?
>>>
>>>Do this:
>>>cd /opt/fedora-ds/alias ; ../shared/bin/certutil -d . -P slapd-asterisk1- 
>>>-L -n ad-cert
>>>
>>>Safonov Alexey wrote:
>>>>Thanks Richard!
>>>>
>>>>In my opinion it the certificate of the CA. Certificates you can see 
>>>>details
>>>>of reception of it on a screenshot (see the attached file)
>>>>
>>>>Safonov Alexey
>>>>
>>>>-----Original Message-----
>>>>From: fedora-directory-users-bounces at redhat.com
>>>>[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>>>>Megginson
>>>>Sent: Friday, July 28, 2006 5:45 PM
>>>>To: General discussion list for the Fedora Directory server project.
>>>>Subject: Re: Error at work of the utility
>>>>ldapsearch.
>>>>
>>>>
>>>>Safonov Alexey wrote:
>>>>
>>>>>Thanks Richard!
>>>>>
>>>>>Now I start so:
>>>>>[root at asterisk1 bin]# ./ldapsearch -Z -P
>>>>>/opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K
>>>>>/opt/fedora-ds/alias/slapd-asterisk1-key3.db  -h
>>>>>rv-vm1.mup-example.vrn.ru  -p 636 -D
>>>>>"cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>>>>base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v
>>>>>
>>>>>Also I receive a error:
>>>>>
>>>>>ldapsearch: started Fri Jul 28 16:21:39 2006
>>>>>
>>>>>ldap_init( srv-vm1.mup-example.vrn.ru, 636 )
>>>>>ldaptool_getcertpath -- /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
>>>>>ldaptool_getkeypath -- /opt/fedora-ds/alias/slapd-asterisk1-key3.db
>>>>>ldaptool_getmodpath -- (null)
>>>>>ldaptool_getdonglefilename -- (null)
>>>>>ldap_simple_bind: Can't contact LDAP server
>>>>>         SSL error -8156 (Issuer certificate is invalid.)
>>>>>
>>>>>Though the certificate ad-cert (from Windows DC) is established. The
>>>>>
>>>>utility
>>>>
>>>>>certutil and Fedora Management Console (Manage Certificates) shows it.
>>>>>[root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>>>>slapd-asterisk1-
>>>>>CA certificate                 CTu,u,u
>>>>>server-cert                    u,u,u
>>>>>Server-Cert                    u,u,u
>>>>>ad-cert                        CT,C,C
>>>>>
>>>>>Help my!
>>>>>
>>>>>
>>>>Is ad-cert the certificate of the AD server or the certificate of the CA
>>>>that issued the AD cert?  An SSL client only needs to trust the CA cert
>>>>of the issuer of the server certs it wants to use.
>>>>
>>>>>Safonov Alexey
>>>>>
>>>>>-----Original Message-----
>>>>>From: fedora-directory-users-bounces at redhat.com
>>>>>[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
>>>>>Megginson
>>>>>Sent: Thursday, July 27, 2006 7:36 PM
>>>>>To: General discussion list for the Fedora Directory server project.
>>>>>Subject: Re: Error at work of the utility
>>>>>ldapsearch.
>>>>>
>>>>>
>>>>>Safonov Alexey wrote:
>>>>>
>>>>>
>>>>>>Hi !
>>>>>>
>>>>>>I ask to help to solve a problem with the utility ldapsearch.
>>>>>>
>>>>>>is a problem to carry out synchronization between FDS and AD. Has made
>>>>>>
>>>>the
>>>>
>>>>>>following:
>>>>>>1) Install FDS
>>>>>>2) Configuring SSL Enabled FDS. For this purpose has started script
>>>>>>setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh)
>>>>>>
>>>>from
>>>>
>>>>>>HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
>>>>>>3) Restart FDS.
>>>>>>    netstat -atupn | grep ns-
>>>>>>tcp  0      0 :::389         :::*       LISTEN      6039/ns-slapd
>>>>>>tcp  0      0 :::636         :::*       LISTEN      6039/ns-slapd
>>>>>>4) Enable SSL on AD.
>>>>>>Install Certificate Service
>>>>>>Check util ldp.exe:
>>>>>>Connected param: Server- srv-vm1.mup-example.vrn.ru
>>>>>>                  Port  - 636
>>>>>>                  Checkbox "SSL"
>>>>>>ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
>>>>>>Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
>>>>>>LDAP_VERSION3);
>>>>>>Error <0x0> = ldap_connect(hLdap, NULL);
>>>>>>Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
>>>>>>Host supports SSL, SSL cipher strength = 128 bits
>>>>>>Established connection to srv-vm1.mup-example.vrn.ru.
>>>>>>Retrieving base DSA information...
>>>>>>.....
>>>>>>5) Import AD CA certificate in DER mode.
>>>>>>6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
>>>>>>[root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>>>>>>slapd-asterisk1-
>>>>>>CA certificate                         CTu,u,u
>>>>>>server-cert                            u,u,u
>>>>>>Server-Cert                            u,u,u
>>>>>>ad-cert                                CT,C,C <- install this
>>>>>>
>>>>>>6) [root at asterisk1 alias]# ldapsearch -Z -P
>>>>>>/opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
>>>>>>rv-vm1.mup-example.vrn.ru  -p 636 -D
>>>>>>"cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>>>>>>base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>>>>>>
>>>>>>
>>>>>>
>>>>>That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses
>>>>>openssl for crypto, which is completely different than NSS.  You need 
>>>>>to
>>>>>use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>>>>>cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>>>>
>>>>>
>>>>>>Error:
>>>>>>ldapsearch: unabel to parse protocol version
>>>>>>"/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>>>>
>>>>>>Help my!
>>>>>>Thanks
>>>>>>
>>>>>>------------------------------------------------------
>>>>>>My Setup:
>>>>>>
>>>>>>Fedora Core 5 (i386)
>>>>>>Fedora Directory Server 1.0.2
>>>>>>Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>>>------------------------------------------------------
>>>>>>
>>>>>use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
>>>>>cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>>>>>
>>>>>
>>>>>>Error:
>>>>>>ldapsearch: unabel to parse protocol version
>>>>>>"/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>>>>>
>>>>>>Help my!
>>>>>>Thanks
>>>>>>
>>>>>>------------------------------------------------------
>>>>>>My Setup:
>>>>>>
>>>>>>Fedora Core 5 (i386)
>>>>>>Fedora Directory Server 1.0.2
>>>>>>Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>>>>>>------------------------------------------------------
>>>>>>
>>>>
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>
>>
>>><< smime.p7s >>
>>
>>
>>
>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users


><< smime.p7s >>




>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users





[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux