Community Forum

Resolved
0 votes
I have searched the forum, and I have tried the suggested changes, but it is not working for me.

Running ClearOS 6.8.0.

My "publish policy" is set to "local network"
My "account access" is set to "anonymous"

These are the same settings I had on 5.2, and it worked fine.

I am trying to update my "Jenkins" LDAP link, and I am getting "connection refused". I am using the local IP as my LDAP link (ldap://192.168.xxx.xxx:389). I have tried both ldap and ldaps.

Yes, I do have the bind DN and bind password copy/pasted into Jenkins.

What else am I missing? What else do I need to enable to get LDAP going?
Saturday, February 11 2017, 12:48 AM
Responses (6)
  • Accepted Answer

    Tuesday, February 14 2017, 07:12 PM - #Permalink
    Resolved
    0 votes
    Thanks Nick. That worked perfectly.
  • Accepted Answer

    Sunday, February 12 2017, 08:55 AM - #Permalink
    Resolved
    0 votes
    You may need to export the CA certificate ca-cert.pem to machines using ldaps.

    The hack to the /etc/init.d/slapd file should be quite easy. Change line 83 to:
    harg="$harg ldaps://$LANIP/ ldap://$LANIP/"
    and similarly change line 87 to:
    harg="$harg ldaps://$IP/ ldap://$IP/"
  • Accepted Answer

    Sunday, February 12 2017, 02:34 AM - #Permalink
    Resolved
    0 votes
    OK. I would say I am fairly lost.

    I looked at /etc/init.d/slapd, and I was not sure where to make the change to switch to ldap from ldaps. Also, I found that comparing the 5.2 and 6.8 files is pretty pointless since a lot changed between the two, at least that is what it looks like to my untrained eye.

    So, I went back to trying to implement ldaps. For a while I thought that I had to create my own certificate, but then I started thinking that the certificate is already created and installed on ClearOS by default. That is what it looks like in slapd. Is that true? Which certificate would I export and apply to the other machines (e.g. Jenkins)? Is that necessary?

    Where else would I look for issues in implementing ldaps?
  • Accepted Answer

    Saturday, February 11 2017, 04:44 PM - #Permalink
    Resolved
    0 votes
    In 5.x and 6.x (and probably 7.x), ldap:389 is for localhost only; ldaps:636 is for LAN. The file /etc/init.d/slapd can be hacked to allow ldap:389 for the LAN as well.
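A check for the listener layout described in the reply above (ldap:389 on localhost only, ldaps:636 on the LAN), added here as an example and not part of the original thread: it classifies ports 389 and 636 from `ss -ltn` output, so a "connection refused" on 389 can be confirmed, and cleartext LDAP exposed to the LAN after an init-script change can be spotted. The function names, the sample listings and the address 192.168.1.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `ss -ltn` output on stdin and prints, for each LDAP
# port, whether slapd is bound to nothing, loopback only, or a LAN address.
ldap_listener_scope() {
    awk '
        BEGIN { scope["389"] = "none"; scope["636"] = "none" }
        $1 == "LISTEN" {
            addr = $4                      # Local Address:Port column
            n = split(addr, parts, ":")
            port = parts[n]                # text after the last colon
            if (!(port in scope)) next     # not an LDAP port
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1" || host == "[::1]") {
                if (scope[port] == "none") scope[port] = "loopback"
            } else {
                scope[port] = "lan"        # wildcard or a routable address
            }
        }
        END { print "389", scope["389"]; print "636", scope["636"] }
    '
}

# Exit status 0 when cleartext ldap:389 is reachable from the LAN, i.e. bind
# DNs and passwords from LAN clients would cross the network unencrypted.
cleartext_on_lan() {
    ldap_listener_scope | grep -q '^389 lan$'
}

# Constructed sample: the default layout described in the thread.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:389      *:*
LISTEN 0      128    192.168.1.1:636    *:*
LISTEN 0      128    *:22               *:*'

# Constructed sample: after ldap:// is also bound to the LAN address.
SAMPLE_MODIFIED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    192.168.1.1:389    *:*
LISTEN 0      128    127.0.0.1:389      *:*
LISTEN 0      128    192.168.1.1:636    *:*'

# On the server itself: ss -ltn | ldap_listener_scope
```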
  • Accepted Answer

    Saturday, February 11 2017, 01:56 PM - #Permalink
    Resolved
    0 votes
    Thanks, Nick. I read on forums that for the local network ldap is OK, and there was no need for ldaps. ldaps is only used for external connections, unless I misread. Since most (all) of our LDAP traffic happens when the user VPNs or is on site, does it still need to be ldaps?

    I did no hacking / shortcuts. I am trying to get defaults going.
  • Accepted Answer

    Saturday, February 11 2017, 07:31 AM - #Permalink
    Resolved
    0 votes
    Unless you've hacked your start-up file you need to use ldaps which is on port 636 and not ldap:389.