OpenLDAP

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.

Dec 03 2009

Samba/OpenLDAP Cheatsheet

By: racke Tags:

List domain groups:

net groupmap list

Adding domain group:

smbldap-groupadd -a interchange

Adding user to domain group:

smbldap-groupmod -m racke interchange

Please restart Samba after adding domain groups or adding user to domain groups.

racke's blog

Dec 03 2009

OpenLDAP: TLS init def ctx failed: -207

By: racke Tags:

OpenLDAP

Today I upgraded OpenLDAP in order to fix the insufficient input validation security problem (DSA-1943-1).
Unfortunately OpenLDAP refused to start after the upgrade.

After adding

loglevel config stats

to the configuration file it gave me at least the meaningful error message:

TLS init def ctx failed: -207.

Nov 06 2009

First of all create a self-signed certificate by following the instructions at http://www.eclectica.ca/howto/ssl-cert-howto.php. I copied the private key and the certificates to /etc/ldap. Please make sure that the
private key is only readable by root.

Next add the following lines to /etc/ldap/slapd.conf:
TLSCaCertificateFile /etc/ldap/cacert.pem TLSCertificateFile /etc/ldap/cert.pem TLSCertificateKeyFile /etc/ldap/cert.key

Finally make sure that the LDAP server is listening at the ldaps port (636) by editing /etc/default/slapd
and restarting the LDAP server.

LinuXia

OpenLDAP

Samba/OpenLDAP Cheatsheet

OpenLDAP: TLS init def ctx failed: -207

Open LDAP with SSL on Debian

User login