
LDAPS settings stop nlpd service from starting


Hello,
We want to encrypt the data transmitted between the proxy and any
outside vendors who use our authentication service to validate our
users. We don't need TLS/SSL from the listener to the
back-end servers... we only want it from the outside vendor to
the proxy. Proxy to AD communication can be unencrypted.

I created a CSR and had it signed by a CA. I placed it (.pem) in the
/etc/opt/novell/ldapproxy/conf/ssl/private folder. I updated the
listener. Now the nlpd service will not start. The nlpd log says the
following:
We are not in DHost. pid = 14815624
Stopping proxy service... reason=0x81510101
Proxy service successfully stopped...

Any ideas?
Thanks


--
melaniebrooks
------------------------------------------------------------------------
melaniebrooks's Profile: https://forums.netiq.com/member.php?userid=8971
View this thread: https://forums.netiq.com/showthread.php?t=52710


Re: LDAPS settings stop nlpd service from starting

I haven't set this up specifically, but I would not expect anything
dealing with the external CA to be placed in a 'private' directory, as the
only thing that should go there is the public key. The private/key file
should probably go in a private directory, though.

Are you following specific steps in the documentation to set this up, and
if so can you provide a link for others to try?

Which version of LDAP Proxy?

If you move the file back out of 'private' do things work again? Did you
overwrite anything when you placed the file there?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: LDAPS settings stop nlpd service from starting


Hello,
Thank you for the response.
I'm using an activated version 1.5 of LDAP Proxy. I'm following these
directions: http://tinyurl.com/pwmfdfs (though I'm using AD only) as
well as information sent to me by one of the sales engineers:
<listener id-listener="listener3">
  <service protocol="ldaps">
    <addr-dns>server1.example.com</addr-dns>
    <port>636</port>
  </service>
  <certificate-file-name>private-cert1.pem</certificate-file-name>
  <ref-policy-connection-route>admin-policy</ref-policy-connection-route>
</listener>

If I remove all LDAPS references from the listener it will run whether
the file is there or not.

ab;253610 Wrote:
> I haven't set this up specifically, but I would not expect anything
> dealing with the external CA to be placed in a 'private' directory, as the
> only thing that should go there is the public key. The private/key file
> should probably go in a private directory, though.
>
> Are you following specific steps in the documentation to set this up, and
> if so can you provide a link for others to try?
>
> Which version of LDAP Proxy?
>
> If you move the file back out of 'private' do things work again? Did you
> overwrite anything when you placed the file there?
>
> --
> Good luck.
>
> If you find this post helpful and are logged into the web interface,
> show your appreciation and click on the star below...



--
melaniebrooks

Re: LDAPS settings stop nlpd service from starting


Hello,

I have set up a 1.5 installation with ldaps to the backend and use the
same configuration snippet you posted.

What does your certificate file in
/etc/opt/novell/ldapproxy/conf/ssl/private look like?

Base64 encoded, meaning you can read the line descriptions, something
like this?

-----BEGIN WRAPPED KEY-----
....
-----BEGIN WRAPPED KEY-----
....
-----END CERTIFICATE-----
-----BEGIN TRUSTED CERTIFICATE-----
....
-----END TRUSTED CERTIFICATE-----


Rainer


--
brunold
------------------------------------------------------------------------
brunold's Profile: https://forums.netiq.com/member.php?userid=504
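Since the thread turns on what the PEM file in the private directory actually contains, here is an added example (not code from the forum posts or from the NetIQ LDAP Proxy product) that reads the BEGIN/END "line descriptions" Rainer asks about and reports the layouts that commonly keep a TLS listener from starting: a CSR placed where the signed certificate should be, a certificate with no private key beside it, a passphrase-protected key, mismatched labels, or a body that is not valid base64. The sets of accepted labels are an assumption (common OpenSSL labels plus the "WRAPPED KEY" label quoted above); the sample PEM blocks are constructed from dummy bytes, not real keys or certificates, and the file path in the comment is the one from the thread.

```python
"""Sanity-check a PEM bundle before pointing an LDAPS listener at it.

Added example for this thread, not the product's own code. Checks only the
PEM framing (labels, headers, base64 bodies); it does not validate keys.
"""
import base64
import binascii
import os
import re
import stat
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)
# Assumed label sets: usual OpenSSL labels plus "WRAPPED KEY" from the thread.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY", "WRAPPED KEY"}
CERT_LABELS = {"CERTIFICATE", "TRUSTED CERTIFICATE"}


def parse_pem_blocks(text):
    """Split text into PEM blocks: BEGIN label, END label, RFC 1421 headers, DER bytes."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        begin_label, body, end_label = m.groups()
        headers = {}
        # Encapsulated headers such as "Proc-Type: 4,ENCRYPTED" precede a
        # blank line at the top of the body (OpenSSL legacy encrypted keys).
        if re.search(r"\r?\n\r?\n", body):
            head, body = re.split(r"\r?\n\r?\n", body, maxsplit=1)
            for line in head.splitlines():
                key, _, value = line.partition(":")
                headers[key.strip()] = value.strip()
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            der = None  # placeholders like "....", or DER pasted as text
        blocks.append({"label": begin_label, "end_label": end_label,
                       "headers": headers, "der": der})
    return blocks


def inspect_pem(text):
    """Return {"labels": [BEGIN labels in order], "problems": [(code, message), ...]}."""
    blocks = parse_pem_blocks(text)
    labels = [b["label"] for b in blocks]
    problems = []
    if not blocks:
        problems.append(("no-blocks", "no PEM blocks found; file may be DER or empty"))
    for b in blocks:
        if b["label"] != b["end_label"]:
            problems.append(("label-mismatch",
                             f"BEGIN {b['label']} closed by END {b['end_label']}"))
        if b["der"] is None:
            problems.append(("bad-base64", f"{b['label']}: body is not valid base64"))
        if (b["label"] == "ENCRYPTED PRIVATE KEY"
                or b["headers"].get("Proc-Type", "").endswith("ENCRYPTED")):
            problems.append(("encrypted-key",
                             "key is passphrase-protected; an unattended service cannot open it"))
        if b["label"] == "CERTIFICATE REQUEST":
            problems.append(("csr-instead-of-cert",
                             "file holds a CSR; the listener needs the CA-signed certificate"))
    if not any(l in KEY_LABELS for l in labels):
        problems.append(("no-private-key",
                         "no private key block; the listener needs key and certificate together"))
    if not any(l in CERT_LABELS for l in labels):
        problems.append(("no-certificate", "no certificate block"))
    return {"labels": labels, "problems": problems}


def key_file_mode_problem(path):
    """Return a code if a file in the private directory is readable by group/others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return "group-or-world-readable" if mode & (stat.S_IRGRP | stat.S_IROTH) else None


def _fake_block(label, payload):
    """Wrap arbitrary bytes in a PEM block (constructed sample; not a real key/cert)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# Constructed samples: the key + cert + CA layout Rainer describes, and the
# mistake the thread hints at (only the CSR placed in the private directory).
SAMPLE_GOOD = (_fake_block("RSA PRIVATE KEY", b"constructed, not a real key")
               + _fake_block("CERTIFICATE", b"constructed, not a real cert")
               + _fake_block("TRUSTED CERTIFICATE", b"constructed, not a real CA cert"))
SAMPLE_CSR_ONLY = _fake_block("CERTIFICATE REQUEST", b"constructed, not a real CSR")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /etc/opt/novell/ldapproxy/conf/ssl/private/private-cert1.pem
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            report = inspect_pem(fh.read())
        perm = key_file_mode_problem(sys.argv[1])
        if perm:
            report["problems"].append((perm, "tighten permissions on the key file"))
    else:
        report = inspect_pem(SAMPLE_GOOD)
    print("blocks:", ", ".join(report["labels"]) or "(none)")
    for code, msg in report["problems"]:
        print(f"PROBLEM [{code}]: {msg}")
```

Run it against the file named in the listener's certificate-file-name before restarting nlpd; a clean report means the file at least has the framing a listener expects, which narrows the search to permissions, the listener XML, or the product's own key format.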