A few important concepts and commands for debugging the postfix - dovecot - openldap stack, where dovecot is the IMAP server and also performs SASL authentication against an LDAP backend.
1. Turn off every TLS/SSL option first. Get the plain-text path working end to end, then switch encryption back on one hop at a time, so a certificate problem cannot be mistaken for an authentication problem.
2. Check that LDAP itself works.
NOTE: with TLS (STARTTLS) slapd still listens on port 389.
Only SSL (ldaps://) listens on 636.
$ ldapsearch -x -H ldap://127.0.0.1 -D 'uid=hvn@example.com,ou=people,dc=example,dc=com' -W -ZZ -b 'dc=example,dc=com' # (drop -ZZ if you use plain LDAP without SSL/TLS; -ZZ means "fail unless STARTTLS succeeds")
3. Turn on verbose logging for slapd: set olcLogLevel: 16383 (every debug category on; 256 is enough for per-request stats).
Once LDAP works normally, check dovecot.
Use dovecot -a (doveconf -a on Dovecot 2.x) to dump dovecot's effective configuration.
4. Try talking to postfix over telnet:
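The four steps above, scripted, as an added example that is not part of the original post. It assumes the bind DN and base DN from the ldapsearch line, a local postfix on port 25 that advertises AUTH PLAIN with dovecot as its SASL backend, and root access to ldapi:/// (Ubuntu's slapd maps SASL EXTERNAL over the local socket to the cn=config manager). The olcLogLevel step is the same change the "Debug server" section of the slapd post below asks for; the hand-built AUTH PLAIN token lets you test the same credentials against LDAP, IMAP and SMTP so you can tell which hop rejects them.

```sh
#!/bin/sh
# Added example (not from the original post): walk the postfix/dovecot/openldap
# debugging steps with the TLS layer removable at each hop.
# Assumed, adjust to your site: the URI, bind DN, base DN and SMTP host below.
LDAP_URI=${LDAP_URI:-ldap://127.0.0.1}
BIND_DN=${BIND_DN:-uid=hvn@example.com,ou=people,dc=example,dc=com}
BASE_DN=${BASE_DN:-dc=example,dc=com}
SMTP_HOST=${SMTP_HOST:-127.0.0.1}

# Step 2: can we bind and search at all? USE_TLS=1 adds -ZZ (STARTTLS, still port 389).
ldap_check() {
    if [ "${USE_TLS:-0}" = 1 ]; then
        ldapsearch -x -H "$LDAP_URI" -ZZ -D "$BIND_DN" -W -b "$BASE_DN" -s base '(objectClass=*)' dn
    else
        ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE_DN" -s base '(objectClass=*)' dn
    fi
}

# Step 3: LDIF that replaces olcLogLevel on cn=config (16383 = all categories, 256 = stats).
slapd_loglevel_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcLogLevel\nolcLogLevel: %s\n' "$1"
}
# Apply it over the local socket as root; no password needed with SASL EXTERNAL.
set_slapd_loglevel() {
    slapd_loglevel_ldif "$1" | ldapmodify -Y EXTERNAL -H ldapi:///
}

# Step 4: postfix forwards AUTH PLAIN to dovecot's SASL socket. The token is
# base64("\0" + user + "\0" + password) with an empty authorization id.
sasl_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}
# Same conversation you would type into telnet, scripted (password comes from the env,
# not argv, so it does not show up in ps).
smtp_auth_probe() {
    token=$(sasl_plain_token "$1" "$2")
    printf 'EHLO debug.local\r\nAUTH PLAIN %s\r\nQUIT\r\n' "$token" | nc -w 5 "$SMTP_HOST" 25
}

# sh debug-stack.sh run hvn@example.com   (with SMTP_PASS exported); no args = define only
if [ "${1:-}" = run ]; then
    ldap_check
    set_slapd_loglevel 256
    smtp_auth_probe "$2" "${SMTP_PASS:?export SMTP_PASS first}"
fi
```

A "235 2.7.0 Authentication successful" reply from postfix means the whole chain works; a 535 with a successful ldap_check points at dovecot's passdb/LDAP mapping, and a 535 with a failing ldap_check points at slapd or the bind DN. Remember to set olcLogLevel back to stats (256) or none afterwards: 16383 writes every BER packet, including bind passwords, to syslog.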
Sunday, November 17, 2013
Monday, April 22, 2013
Things I Wish I'd Known Before Installing slapd on Ubuntu 12.04
slapd is the OpenLDAP server.
This post collects my experiences from installing slapd on Ubuntu 12.04.
0. x86 and x64
Please do use an x86 machine instead of x64 for OpenLDAP. When I experimented with the Ubuntu 12.04 x64 version, I got some annoying bugs related to TLS. At least I can say for sure that, for the package from the Ubuntu repo, using x86 will save you from many headaches.
1. Logging / Debug
olcLogFile is not easy to use (I don't know how to use it). If you want logging in a separate file, change the rsyslog config (/etc/rsyslog.d/50-....) instead: slapd logs through the local4 syslog facility, so let local4.* go to a dedicated file.
Debug server:
Change your config from olcLogLevel: none
to 256 (connection and operation stats) or 16383 (every category) to get more verbose output,
or run slapd in the foreground with a debug level (same bitmask as olcLogLevel; -1 means everything):
slapd -d 256 -F /etc/ldap/slapd.d
Debug client:
add -d <level> to your ldapsearch/ldapmodify command: -d 1 for trace, -d 5 for trace plus arguments, -d -1 for everything.
2. GnuTLS vs OpenSSL
On Ubuntu 12.04, slapd / ldap-utils is compiled against GnuTLS. You should know this and use certificates/keys created by gnutls-bin (certtool) when adding SSL/TLS to it.
Or, if you use OpenSSL certs/keys, compile your own slapd / ldap-utils against OpenSSL.
Mixing slapd (built with GnuTLS) with OpenSSL certs will cause you endless headaches. DON'T DO THAT!
Both libraries do read PEM-encoded X.509, so before rebuilding anything rule out the mundane causes of "slapd will not start with TLS": a passphrase-protected private key (slapd cannot prompt for it) and key or certificate files that the openldap user cannot read.
3. Certificate / Key
The certificate MUST be issued for your hostname's FQDN: the subject CN (or a subjectAltName dNSName) has to match the name clients put in the LDAP URI, otherwise -ZZ and ldaps:// fail verification.
To check that, use:
hostname --fqdn
If you want to change it to example.com, put example.com before the existing name on its /etc/hosts line (the first name on the line is what hostname --fqdn returns).
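The hostname check from section 3, as an added example that is not part of the original post. It goes a step further than the post's CN-only rule and accepts any subjectAltName dNSName as well as a single-label wildcard (*.example.com), since that is what ldap-utils verifies. The matching is plain shell; only the wrapper at the bottom needs openssl, and the default host to check is whatever hostname --fqdn returns, exactly as the post recommends.

```sh
#!/bin/sh
# Added example, not from the original post: confirm a PEM certificate names the
# host slapd's clients will connect to, before enabling TLS in cn=config.

# Does one certificate name cover host? A wildcard covers exactly one leftmost label.
name_matches_host() {
    name=$1; host=$2
    case $name in
        "$host") return 0 ;;
        \*.*)
            suffix=${name#\*.}
            case $host in
                *."$suffix")
                    # the part replaced by "*" must not itself contain a dot
                    case ${host%."$suffix"} in
                        *.*) return 1 ;;
                        *)   return 0 ;;
                    esac ;;
                *) return 1 ;;
            esac ;;
        *) return 1 ;;
    esac
}

# usage: cert_covers_host HOST NAME...   (returns 0 if any NAME covers HOST)
cert_covers_host() {
    host=$1; shift
    for n in "$@"; do
        name_matches_host "$n" "$host" && return 0
    done
    return 1
}

# Pull the names out of a PEM certificate: subject CN first, then every SAN DNS entry.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
    openssl x509 -in "$1" -noout -text |
        tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# usage: check_cert_hostname CERT.pem [HOST]
# HOST defaults to hostname --fqdn, the name the post says the certificate must carry.
check_cert_hostname() {
    cert=$1; host=${2:-$(hostname --fqdn)}
    # shellcheck disable=SC2046  # DNS names contain no whitespace
    if cert_covers_host "$host" $(cert_names "$cert"); then
        echo "OK: $cert covers $host"
    else
        echo "MISMATCH: $cert does not cover $host; names: $(cert_names "$cert" | tr '\n' ' ')" >&2
        return 1
    fi
}
```

Run check_cert_hostname /etc/ssl/certs/slapd.pem on the server before setting olcTLSCertificateFile, and again with the hostname from the client's -H URI if that differs (clients verify the name they dialled, not the server's idea of its own FQDN).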