From: Norman Gray
To: "freebsd-questions@freebsd.org"
Subject: Re: openldap and letsencrypt
Date: Mon, 4 Nov 2019 19:25:08 +0000

Jerry, hello.

On 4 Nov 2019, at 17:59, Jerry wrote:

> I can get it up and running, but no one can connect to it. Did you
> make any changes to the rc.conf entries? Mine are as shown in the rc.d
> 'slapd' script:
>
> # Slapd
> slapd_enable="YES"
> slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
> slapd_sockets="/var/run/openldap/ldapi"
>
> I have to figure out how to turn on logging. I am working on that now.

Things to try:

* check olcSecurity and olcLocalSSF in your cn=config configuration (see snippet from my config below).
* set olcLogLevel in the same stanza (see Sect. 6.2.1.5 of https://www.openldap.org/doc/admin24/slapdconfig.htm); set this in slapd.ldif or dynamically using ldapmodify; setting this to -1 produces _lots_ of logging data to /var/log/debug.log
* Even if you plan to support only StartTLS, configure the server to support LDAPS during testing, because then...
* ...you can try connecting to the server with `openssl s_client -connect ldap.example.com:636 -showcerts