
#19 fail to install OpenLDAP in secure mode

Status: open
Owner: nobody
Priority: 5
Updated: 2012-12-06
Created: 2009-11-20
Creator: Jun Li
Private: No

I have been following http://wiki.tolven.org/doc/index.php/Installation_Guide to install and configure the Tolven software and the related software PostgreSQL and OpenLDAP. I am currently at the stage of "Configure Tolven Plugin Framework", http://wiki.tolven.org/doc/index.php/Configure_Tolven_Plugin_Framework, and I get stuck at configuring OpenLDAP with SSL.

Here is the problem:

Before I turned on the SSL, the LDAP works just fine and I can connect to it remotely through JXplorer. Then after I turned on the SSL, using the "slapd.conf" file (in the attachment), I used the following command to start the LDAP daemon:

/usr/sbin/slapd

It then asked me to enter the PEM pass phrase. I tried to use "sysadmin", corresponding to the user name "admin", as that is what I inputted to configurePhase1, the phase that produces all three certificates required for SSL. But that failed. Then I guessed it could be "tolven", and the LDAP daemon seems to launch after I enter this guessed pass phrase.

So Question 1: is "tolven" really the pass phrase for LDAP with SSL, following the installation and configuration procedures in your wiki?

After this sort-of-launched LDAP daemon, from my JXplorer, which runs on a different machine (a Windows machine), I tried different combinations in the "connect" window, and I always got a failure to open the LDAP connection. So

Question 2: what will be the correct connection parameters in JXplorer to connect to OpenLDAP, given the attached slapd.conf?

In particular, I wonder when the following lengthy password, on a particular line inside slapd.conf, which I copied from the Tolven installation guide, should be used:

rootpw {SSHA}KHCgqfsybbtXVI4yPkAFKlE2gQPXNemf

Thank you!

Jun

Discussion

  • Jun Li - 2009-11-20

    The OpenLDAP configuration file slapd.conf that I am using (attachment).

  • n-cowles - 2009-11-20

    The correct start up for port 636 is: slapd -h ldaps://

  • John Churin - 2009-11-20

    It is important to understand that you are dealing with three different password artifacts:
    1. The OpenLDAP product needs to be configured with a password (secret) that will be verified when the user connects to SLAPD. Rather than storing it in plaintext, only its hash is stored (SSHA) - the long string you pasted. Technically, this is not a password; rather, it is the hash against which the typed-in password (secret) is compared.
    2. When you run JXplorer, you manually enter the SLAPD password. The hash of what you type in is sent to SLAPD and compared against the hash supplied in the configuration file.
    3. Now, an operations person (not an administrator) will be starting up LDAP, the database, and the application server. You don't want to give the operator all of the administrator passwords. So, Tolven uses a "password store" to keep these various passwords. The system operator then only needs to know the password that is used to protect the password store. This password is defaulted to "tolven".

    Answer #1: Yes, the startup password is tolven
    Answer #2: JXplorer config. See: http://tolven.org/doc/installation/jxplorer.html
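The three artifacts in the answer above, made concrete. This is an added example, not code from the post, from Tolven or from OpenLDAP: it parses a constructed slapd.conf fragment (the file paths and the dc=example,dc=com suffix are assumptions; the rootpw line is the one quoted in the question), classifies the rootpw value as a {SSHA} hash, reproduces the check slapd performs when a client binds as the rootdn, and flags an encrypted TLS private key, which is what makes slapd stop at "Enter PEM pass phrase" at start-up. One caveat on point 2 of the answer: with a simple bind the client sends the secret itself, not a hash, which is why the connection must be protected by TLS (ldaps:// on 636); slapd then hashes the received secret with the salt stored in rootpw and compares.

```python
"""Added example, not code from the post, Tolven or OpenLDAP: separate the
password artifacts a slapd.conf involves and reproduce the checks behind them.
Standard library only, so it runs offline."""
import base64
import hashlib
import hmac
import os
import re

# Constructed slapd.conf fragment. Paths and the directory suffix are
# assumptions for the example; the rootpw line is the one quoted in the post.
SAMPLE_SLAPD_CONF = """\
include                 /etc/openldap/schema/core.schema
TLSCACertificateFile    /etc/openldap/certs/ca.pem
TLSCertificateFile      /etc/openldap/certs/ldap-cert.pem
TLSCertificateKeyFile   /etc/openldap/certs/ldap-key.pem
database                bdb
suffix                  "dc=example,dc=com"
rootdn                  "cn=admin,dc=example,dc=com"
rootpw                  {SSHA}KHCgqfsybbtXVI4yPkAFKlE2gQPXNemf
"""

# Constructed PEM headers (key material omitted). The first is what an
# openssl-generated key looks like when a pass phrase was set on it.
ENCRYPTED_KEY_PEM = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

...key material omitted...
-----END RSA PRIVATE KEY-----
"""
PLAIN_KEY_PEM = """\
-----BEGIN RSA PRIVATE KEY-----
...key material omitted...
-----END RSA PRIVATE KEY-----
"""


def parse_slapd_conf(text):
    """Map lowercased directive names to values; surrounding quotes are
    dropped and a line starting with whitespace continues the previous one."""
    conf, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and last is not None:
            conf[last] += " " + line.strip()
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        conf[name] = parts[1].strip().strip('"') if len(parts) > 1 else ""
        last = name
    return conf


def rootpw_scheme(value):
    """'{SSHA}' (or another scheme tag) when rootpw holds a hash, None when
    the secret sits in the file in cleartext."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return "{" + m.group(1).upper() + "}" if m else None


def make_ssha(password, salt=None):
    """OpenLDAP {SSHA}: base64(SHA-1(password || salt) || salt), the same
    layout slappasswd -h {SSHA} writes. A random 4-byte salt is the default."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_check(stored, candidate):
    """What slapd does on a simple bind as rootdn: it receives the typed
    secret itself (hence the need for ldaps/TLS), hashes it with the salt
    taken from the stored value and compares digests in constant time."""
    if rootpw_scheme(stored) != "{SSHA}":
        raise ValueError("not an {SSHA} value: %r" % stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    calc = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(calc, digest)


def pem_key_is_encrypted(pem_text):
    """True when the private key is protected by a pass phrase, which is why
    slapd stops with 'Enter PEM pass phrase:' when it loads the key file."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)


def password_artifacts(conf_text, key_pem):
    """Summarise which secret lives where for a given config and key file."""
    conf = parse_slapd_conf(conf_text)
    return {
        "rootdn": conf.get("rootdn"),                 # the bind DN JXplorer needs
        "rootpw_scheme": rootpw_scheme(conf.get("rootpw", "")),
        "tls_key_file": conf.get("tlscertificatekeyfile"),
        "tls_key_encrypted": pem_key_is_encrypted(key_pem),
    }


if __name__ == "__main__":
    print(password_artifacts(SAMPLE_SLAPD_CONF, ENCRYPTED_KEY_PEM))
    fresh = make_ssha("change-me")                   # new hash for a rootpw line
    print(fresh, ssha_check(fresh, "change-me"), ssha_check(fresh, "wrong"))
    # Checking the quoted hash against the two guesses from the post; the
    # outcome is whatever that hash encodes, nothing here assumes it.
    quoted = parse_slapd_conf(SAMPLE_SLAPD_CONF)["rootpw"]
    for guess in ("tolven", "sysadmin"):
        print(guess, ssha_check(quoted, guess))
```

In practice the same two facts drive the fix: generate your own rootpw value with `slappasswd -h {SSHA} -s <secret>` rather than copying the hash from a guide, since whoever knows the secret behind a published hash can bind as rootdn; and if slapd prompts for a PEM pass phrase, the TLS key file is encrypted, so either strip the pass phrase with `openssl rsa -in ldap-key.pem -out ldap-key.pem` (then restrict the file to the slapd user, mode 600) or accept that the daemon cannot start unattended. For JXplorer the bind DN is the rootdn from the config, the password is the secret whose hash rootpw stores (not the hash), and the connection must use port 636 with the SSL security level, matching `slapd -h ldaps:///`.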

