slapd is the OpenLDAP server.
This post collects my experiences from installing slapd on Ubuntu 12.04.
0. x86 and x64
Please use an x86 machine instead of x64 for OpenLDAP. When I experimented with the Ubuntu 12.04 x64 version, I got some annoying bugs related to TLS. At least I can be sure that, for the package from the Ubuntu repo, using x86 will save you from many headaches.
1. Logging / Debug
olcLogFile is not easy to use (I don't know how to use it). If you want logging to a separate file, change the rsyslog config (/etc/rsyslog.d/50-....) so that local4.* (the facility slapd logs to) outputs to a dedicated file.
Debug server:
Change your config: set olcLogLevel from none to 256, or to 16383 to get even more verbose output,
or run :
slapd --debug
Debug client:
add -d 1, -d 2, ... or -d 5 after your command
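The two config changes above (the rsyslog rule for local4 and the olcLogLevel value in cn=config) are the part people usually fumble, so here is an added example script that is not from the original post. It generates the LDIF for olcLogLevel and the rsyslog rule as functions so you can inspect them first, and only applies them when you pass "apply". The file name /etc/rsyslog.d/40-slapd.conf and the log path /var/log/slapd.log are my own choices; ldapmodify over ldapi:/// with EXTERNAL SASL is the standard way to edit cn=config as root on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post): route slapd's syslog output
# (facility local4) to its own file and raise olcLogLevel on a 12.04 box.
# Assumed paths: /etc/rsyslog.d/40-slapd.conf and /var/log/slapd.log.

# LDIF that replaces olcLogLevel on the cn=config entry.
# 256 = "stats" (one line per connection/operation/result), 16383 = all
# levels up to 8192 combined; "none" still logs critical messages.
loglevel_ldif() {
    level="$1"
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcLogLevel\nolcLogLevel: %s\n' "$level"
}

# rsyslog rule: send every local4 message to the given file. The leading
# "-" means buffered writes; "& ~" then discards the message so it does not
# also land in /var/log/syslog (rsyslog 5.x syntax, the version in 12.04).
rsyslog_rule() {
    logfile="$1"
    printf 'local4.*\t-%s\n& ~\n' "$logfile"
}

# Apply both settings. Needs root, a running slapd listening on ldapi:///,
# and the server to have been started at least once so cn=config exists.
apply_logging() {
    level="${1:-256}"
    logfile="${2:-/var/log/slapd.log}"
    rsyslog_rule "$logfile" > /etc/rsyslog.d/40-slapd.conf
    service rsyslog restart
    loglevel_ldif "$level" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    # For a one-off foreground run instead, slapd(8) takes the same level
    # numbers on the command line: slapd -d 256 -h "ldap:/// ldapi:///"
}

# Preview by default; only touch the system when explicitly asked.
if [ "${1:-}" = "apply" ]; then
    apply_logging "$2" "$3"
else
    loglevel_ldif "${2:-256}"
    rsyslog_rule "${3:-/var/log/slapd.log}"
fi
```

Run it with no arguments to see exactly what would be written, then "sh script.sh apply 256 /var/log/slapd.log" to change the live config. The LDIF goes through ldapmodify rather than editing the files under /etc/ldap/slapd.d by hand, which is what breaks cn=config checksums.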
2. GNUTLS vs openssl
On Ubuntu 12.04, slapd / ldap-utils are compiled against GnuTLS. You should know this and use certificates/keys created by gnutls-bin (certtool) when adding SSL/TLS to it.
Or, if you use an OpenSSL cert/key, compile your own slapd / ldap-utils against OpenSSL.
Mixing a slapd built with GnuTLS with an OpenSSL cert will cause you endless headaches. DON'T DO THAT!
3. Certificate/ Key
The certificate MUST be created with CN = your host's FQDN.
To check that, use:
hostname --fqdn
If you want to change it to example.com, add example.com to /etc/hosts before the name you got from that command, on the same line for the host's IP: hostname --fqdn reports the first name on that line.
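To make the CN check above repeatable, here is an added example script (not from the original post) that reads the Subject line from certtool's dump of a certificate and compares the CN with hostname --fqdn. certtool is the gnutls-bin tool this post recommends; the "check" mode needs it installed, while the default mode runs against a constructed sample dump so the parsing can be exercised anywhere. The sample name ldap.example.com is made up.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a certificate's
# CN equals the machine's FQDN before pointing slapd at it.
# Uses certtool from gnutls-bin, matching the GnuTLS build of slapd on 12.04.

# Pull the CN out of certtool's text dump, which contains a line such as
#   Subject: CN=ldap.example.com,O=Example Org
# Reads stdin so it can take real certtool output or a sample.
cert_cn() {
    sed -n 's/^[[:space:]]*Subject:.*CN=\([^,]*\).*/\1/p' | head -n 1
}

# Compare a CN with the expected FQDN; prints a verdict, returns 0 or 1.
cn_matches() {
    cn="$1"
    fqdn="$2"
    if [ -n "$cn" ] && [ "$cn" = "$fqdn" ]; then
        echo "OK: certificate CN '$cn' matches FQDN '$fqdn'"
        return 0
    fi
    echo "MISMATCH: certificate CN '$cn' does not match FQDN '$fqdn'" >&2
    return 1
}

# Real check of a PEM file on this host (requires certtool and a hostname
# that resolves, otherwise hostname --fqdn itself fails).
check_cert_file() {
    cert="$1"
    cn=$(certtool -i --infile "$cert" | cert_cn)
    cn_matches "$cn" "$(hostname --fqdn)"
}

# Constructed certtool-style output for the stand-alone demonstration.
SAMPLE_DUMP='X.509 Certificate Information:
    Version: 3
    Subject: CN=ldap.example.com,O=Example Org
    Issuer: CN=Example CA'

if [ "${1:-}" = "check" ]; then
    check_cert_file "$2"
else
    # Demonstrate on the sample: extract the CN and compare it with a
    # made-up FQDN so both branches of cn_matches are visible.
    sample_cn=$(printf '%s\n' "$SAMPLE_DUMP" | cert_cn)
    cn_matches "$sample_cn" ldap.example.com
    cn_matches "$sample_cn" ldap.example.org || true
fi
```

Use "sh script.sh check /etc/ssl/certs/slapd.pem" (path is an assumption) after generating the certificate and again after any change to /etc/hosts, since the /etc/hosts trick above changes what hostname --fqdn returns without touching the certificate.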