11-21-2010, 03:41 PM
Laurent Roudier

SSL connection to 389 DS server

Hi everybody,
I am trying to set up a 389 DS server and make it work with a web server. My current
configuration is:
fedora 14 (2.6.35.6-48.fc14.i686)
389-admin-1.1.11-1.fc14.i686
389-ds-console-doc-1.2.3-1.fc14.noarch
389-adminutil-1.1.10-2.fc14.i686
389-ds-console-1.2.3-1.fc14.noarch
389-ds-base-1.2.6.1-2.fc14.i686
389-console-1.1.4-1.fc14.noarch
389-ds-1.2.1-1.fc14.noarch
389-admin-console-1.1.5-1.fc14.noarch
389-admin-console-doc-1.1.5-1.fc14.noarch
389-dsgw-1.1.5-2.fc14.i686

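I set up 389 without any problem.
I added a certificate and secure connection with the use of the setupssl2.sh script.
So if I use this PHP script, it works without any problem:
<?php
// Bind DN and password (placeholders, as in the original post)
$ldaprdn = "DN";
$ldappass = "password";
// ldap_connect() only prepares the handle; the server is contacted at bind time
$ldapconn = ldap_connect("ldap://localhost");
if ($ldapconn) {
    // Attempt the authenticated bind and report the outcome
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) {
        echo "<P>bind LDAP OK</P>";
    } else {
        echo "<P>bind LDAP KO</P>";
    }
} else {
    echo "<P>fail</P>";
}
?>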

If I change "ldap://localhost" to "ldaps://localhost", it fails and the log of
389 is

[21/Nov/2010:16:53:54 +0100] conn=1 fd=64 slot=64 SSL connection from ::1 to ::1
[21/Nov/2010:16:53:54 +0100] conn=1 op=-1 fd=64 closed - Encountered end of file.

If I change "ldap://localhost" to "localhost",636, it hangs, I must restart
dirsvr and the log of 389 is

[21/Nov/2010:15:43:38 +0100] conn=3 fd=65 slot=65 connection from ::1 to ::1
[21/Nov/2010:15:43:38 +0100] conn=3 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[21/Nov/2010:15:43:38 +0100] conn=3 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[21/Nov/2010:15:43:38 +0100] conn=3 op=-1 fd=65 closed - Encountered end of file.


I tried several things, changing the certificate, the file /etc/openldap/ldap.conf
but nothing is working.

Please help me

Laurent



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
11-22-2010, 08:47 PM
Rich Megginson

SSL connection to 389 DS server

On 11/21/2010 09:41 AM, Laurent Roudier wrote:
> Hi everybody,
> I am trying to set up a 389 DS server and make it work with a web server. My current
> configuration is:
> fedora 14 (2.6.35.6-48.fc14.i686)
> 389-admin-1.1.11-1.fc14.i686
> 389-ds-console-doc-1.2.3-1.fc14.noarch
> 389-adminutil-1.1.10-2.fc14.i686
> 389-ds-console-1.2.3-1.fc14.noarch
> 389-ds-base-1.2.6.1-2.fc14.i686
> 389-console-1.1.4-1.fc14.noarch
> 389-ds-1.2.1-1.fc14.noarch
> 389-admin-console-1.1.5-1.fc14.noarch
> 389-admin-console-doc-1.1.5-1.fc14.noarch
> 389-dsgw-1.1.5-2.fc14.i686
>
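> I set up 389 without any problem.
> I added a certificate and secure connection with the use of the setupssl2.sh script.
> So if I use this PHP script, it works without any problem:
> <?php
> // Bind DN and password (placeholders, as in the original post)
> $ldaprdn = "DN";
> $ldappass = "password";
> // ldap_connect() only prepares the handle; the server is contacted at bind time
> $ldapconn = ldap_connect("ldap://localhost");
> if ($ldapconn) {
>     // Attempt the authenticated bind and report the outcome
>     $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
>     if ($ldapbind) {
>         echo "<P>bind LDAP OK</P>";
>     } else {
>         echo "<P>bind LDAP KO</P>";
>     }
> } else {
>     echo "<P>fail</P>";
> }
> ?>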
>
> If I change "ldap://localhost" to "ldaps://localhost", it fails and the log of
> 389 is
>
> [21/Nov/2010:16:53:54 +0100] conn=1 fd=64 slot=64 SSL connection from ::1 to ::1
> [21/Nov/2010:16:53:54 +0100] conn=1 op=-1 fd=64 closed - Encountered end of file.
Where do you specify the CA certificate and other security options, if any?
Can you turn up php logging?
> If I change "ldap://localhost" to "localhost",636, it hangs, I must restart
> dirsvr and the log of 389 is
>
> [21/Nov/2010:15:43:38 +0100] conn=3 fd=65 slot=65 connection from ::1 to ::1
> [21/Nov/2010:15:43:38 +0100] conn=3 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> [21/Nov/2010:15:43:38 +0100] conn=3 op=0 RESULT err=0 tag=120 nentries=0 etime=0
> [21/Nov/2010:15:43:38 +0100] conn=3 op=-1 fd=65 closed - Encountered end of file.
>
>
> I tried several things, changing the certificate,
How do you change the certificate?
> the file /etc/openldap/ldap.conf
> but nothing is working.
Does php use /etc/openldap/ldap.conf?
> Please help me
>
> Laurent
 
11-23-2010, 06:53 AM
Angel Bosch Mora

SSL connection to 389 DS server

SSL connections need the same FQDN specified in the cert to be used when connecting.

localhost is hardly going to work.


abosch
 
11-23-2010, 09:03 PM
Laurent Roudier

SSL connection to 389 DS server

The PHP message I got is:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in
/var/www/html/php.php on line 27


I'm not sure if PHP is using /etc/openldap/ldap.conf; I didn't find the way or
the log to know where the PHP ldap module gets the path to this file. I tried to put
it directly in etc, but I got the same error.



 
11-29-2010, 05:02 PM
Rich Megginson

SSL connection to 389 DS server

On 11/23/2010 03:03 PM, Laurent Roudier wrote:
> The PHP message I got is:
> Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in
> /var/www/html/php.php on line 27
>
>
> I'm not sure if PHP is using /etc/openldap/ldap.conf; I didn't find the way or
> the log to know where the PHP ldap module gets the path to this file. I tried to put
> it directly in etc, but I got the same error.
If you don't know, you'll just have to read the php documentation to
figure out how to set the certificate used by ldap and other TLS/SSL
options.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
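
The two points raised in the replies above (the host name used to connect must be a name in the server certificate, and the client has to be told which CA certificate to trust) can both be checked from PHP itself. This is an added example, not code from the thread or from the 389 project; it assumes PHP 7.1 or later with the ldap and openssl extensions, and the host name `ds.example.com`, the CA file path, and the functions `certNames()` and `ldapsBind()` are hypothetical.

```php
<?php
// Added example, not code from the thread. Host name, CA path and bind
// credentials are assumed placeholders; replace them with your own values.
const LDAP_HOST = 'ds.example.com';               // must be a name listed in the server certificate
const CA_FILE   = '/etc/pki/tls/certs/ds-ca.pem'; // hypothetical path to the issuing CA (PEM)

// Names the server certificate is valid for: subject CN plus DNS subjectAltNames.
function certNames(string $host, int $port = 636): array
{
    $ctx = stream_context_create(['ssl' => [
        'capture_peer_cert' => true,
        'verify_peer'       => false, // inspection only; ldapsBind() does the real verification
        'verify_peer_name'  => false,
    ]]);
    $sock = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
                                  STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        return [];
    }
    $peer = stream_context_get_params($sock)['options']['ssl']['peer_certificate'];
    $cert = openssl_x509_parse($peer);
    fclose($sock);
    $names = (array) ($cert['subject']['CN'] ?? []);
    preg_match_all('/DNS:([^,\s]+)/', $cert['extensions']['subjectAltName'] ?? '', $m);
    return array_values(array_unique(array_merge($names, $m[1])));
}

// Bind over ldaps:// with an explicit CA file and mandatory certificate checks.
function ldapsBind(string $host, string $dn, string $password): bool
{
    ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);              // libldap trace on stderr
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, CA_FILE);   // needs PHP >= 7.1
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);
    $conn = ldap_connect("ldaps://$host");
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (@ldap_bind($conn, $dn, $password)) {
        return true;
    }
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    error_log('LDAPS bind failed: ' . ldap_error($conn) . ' / ' . $detail);
    return false;
}

$names = certNames(LDAP_HOST);
echo 'Certificate names: ' . implode(', ', $names) . PHP_EOL;
echo ldapsBind(LDAP_HOST, 'DN', 'password') ? "bind LDAP OK\n" : "bind LDAP KO\n";
```

If the name passed to `ldap_connect()` is not in the list that `certNames()` prints, the bind fails at the TLS handshake regardless of the CA settings.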
 
