This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered. Closed 3 years ago.
I followed "RHEL7: Configure a LDAP directory service for user connection" to configure openldap on CentOS Linux release 7.

First I create the `/etc/openldap/changes.ldif` file and paste the content, replacing the password, of course, with the previously created password.

Then I get to send the new configuration to the slapd server using the command

```
# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif
```

Once I do that I get the following error:

```
# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
```
All the files are readable for the user slapd is running as.

What's wrong there? I couldn't find anything useful to feed SEARCHENGINE with.

I've been looking for a solution for a while, but at the moment all I have found is two people ("Re: Error 80 with ldapmodify" and "ldap_modify: Other (e.g., implementation specific) error (80)") having the same problem and asking the same question, but no answers.
In my specific case, I was having this error and I literally spent days scouring the Web for an answer. It turned out in my case that the order matters. The correct order was: `olcTLSCACertificateFile`, `olcTLSCertificateKeyFile`, `olcTLSCertificateFile`.

Until the order of the attributes in my file was the one above, I was having that dreaded and unhelpful "ldap_modify: Other (e.g., implementation specific) error (80)" message.

I tried to detect permission errors using `sudo -u ldap nano <path to each file>`. All was fine for each file.

nano revealed that the files were in DOS format: I converted them to have Linux line endings, to no avail.

In all I read, there was a question as to whether the certificate file was in the proper PEM format. I could not check that; maybe it's also a cause for this error.

The only thing that worked was commenting out some lines in the file until I saw changes after running `ldapsearch -H ldapi:// -Y EXTERNAL -b "cn=config" -LLL -Q -s base`.
Note also that I "compressed" the changes in my file to a single change. What I mean by "compressed" is that instead of having three changes, I had only one: instead of this (I'm using Ansible, so this is actually a Jinja2 template)

```
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: {{ cert_parentdir_ca_chain }}/{{ cert_filename_ca_chain }}

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: {{ cert_parentdir_wildcard_cert }}/{{ cert_filename_wildcard_cert }}

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: {{ ldap_cert_parentdir_key }}/{{ cert_filename_key }}
```

I had this

```
# One change record; a line containing only "-" separates the modifications.
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: {{ cert_parentdir_ca_chain }}/{{ cert_filename_ca_chain }}
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: {{ ldap_cert_parentdir_key }}/{{ cert_filename_key }}
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: {{ cert_parentdir_wildcard_cert }}/{{ cert_filename_wildcard_cert }}
```
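
The checks this answer walks through (readability for the account slapd runs as, DOS line endings, PEM format, attribute order) can be scripted as a preflight on the rendered LDIF before it is sent with ldapmodify. This is an added example, not part of the original answer: the function names are hypothetical, and the expected order is the one the answer reports as working, not a documented OpenLDAP requirement.

```shell
#!/bin/sh
# Added example: preflight for a rendered olcTLS* LDIF (function names are hypothetical).

# check_pem_file PATH: report problems with one file; exit status = problems found.
check_pem_file() {
    f=$1; problems=0; cr=$(printf '\r')
    if [ ! -r "$f" ]; then
        echo "$f: not readable by $(id -un)"; return 1
    fi
    if grep -q "$cr" "$f"; then
        echo "$f: DOS (CRLF) line endings"; problems=$((problems + 1))
    fi
    if ! grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        echo "$f: no PEM BEGIN line"; problems=$((problems + 1))
    fi
    return "$problems"
}

# tls_attr_order LDIF: print the olcTLS* attributes in the order they are modified.
tls_attr_order() {
    awk -F': *' '/^(add|replace): olcTLS/ {
        sub(/\r$/, "", $2); printf "%s%s", sep, $2; sep = ","
    }' "$1"
}

# preflight LDIF: 0 only if the order matches the answer's and every file passes.
preflight() {
    ldif=$1; rc=0
    want="olcTLSCACertificateFile,olcTLSCertificateKeyFile,olcTLSCertificateFile"
    got=$(tls_attr_order "$ldif")
    if [ "$got" != "$want" ]; then
        echo "$ldif: order is '$got', the answer used '$want'"; rc=1
    fi
    # Paths come from the attribute value lines of the rendered LDIF.
    paths=$(sed -n 's/^olcTLS[A-Za-z]*File: *//p' "$ldif" | tr -d '\r')
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        check_pem_file "$path" || rc=1
    done <<EOF
$paths
EOF
    return "$rc"
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Saved under a name such as `preflight.sh` (hypothetical), run it as the slapd account, for example `sudo -u ldap sh preflight.sh /etc/openldap/changes.ldif`, so the readability check reflects what slapd itself can open.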