On 8/26/19 2:50 PM, Nicolas Kovacs wrote:
Hi,
So it looks like my 389 DS server is running. I admit I'm fighting every
step to get this thing to run.
As it looks, the next step is to test the LDAP client connection. Which
leads me to my first question.
When TLS is enabled, is it still possible to get plain (e. g.
unencrypted) connections from a client?
Yes. By default the non-secure port (LDAP) is 389, and the secure port
(LDAPS) is 636
What commands do you use on a Linux client to test basic LDAP
connection, plain and/or secure?
You can use ldapsearch to test query the server. Replace YOUR_FQDN with
your fully qualified domain name, and "slapd-YOUR_INSTANCE_NAME" with
the appropriate value you used during installation (look under /etc/dirsrv/)
None secure port:
# ldapsearch -h YOUR_FQDN -p 389 -xLLL -b "" -s base
Secure Port (TLS)
# LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-YOUR_INSTANCE_NAME ldapsearch
-xLLL -H 'ldaps://YOUR_FQDN:636' -b "" -s base
---> Can also set TLS_CACERTDIR in /etc/openldap/ldap.conf to avoid
setting the ENV variable with ldapsearch.
HTH,
Mark
Thanks & Cheers,
Niki
--
389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
