February 2009

Monthly Archive

Sysadmin12 Feb 2009 09:53 am

Booting into single user mode with grub

I recently had a problem where one of the daemons run at startup would hang.  In order to disable this, I needed to boot into single user mode, and chkconfig the service off.

The key to booting into single user mode is the word ‘single’ on the kernel command line.

Heres the steps:

  1. Reboot the system
  2. At the grub screen, hit esc to stop the default boot sequence
  3. use the arrow keys select the kernel image you wish to boot
  4. type ‘e’ to edit the kernel image startup parameters
  5. on the screen use the arrow keys again to select the line with the startup parameters.  This should be the  the middle line, the one that starts with the word ‘kernel’.
  6. Type ‘e’ to edit this line
  7. append the word ‘single to the end of the line and type enter
  8. type the ‘b’ key to boot the kernel

No Comments »
Networking and Software and Sysadmin05 Feb 2009 12:01 pm

LDAP Development Setup

To set up debugging on the slapd, in slapd.conf:

loglevel -1

in syslog.conf:

local4.* /var/log/slap.log

To create self signed certificates:  I created a makefile:

.SUFFIXES :.cert .csr .key

TARGET = host

all : ${TARGET}.cert

${TARGET}.key :
openssl genrsa -des3 -out $@ 1024
cp $@ $@.org
openssl rsa -in $@.org -out $@
rm $@.org

.key.csr :
openssl req -new -key $< -out $@

.csr.cert :
openssl x509 -req -days 365 -in $< -signkey $*.key -out $@

clean :
rm -rf *.cert *.csr *.key *~

Added to slapd.conf.  I was not able to get self signed certificates to work yet.

#TLSCACertificateFile /etc/openldap/certs/host.csr
TLSCertificateFile /etc/openldap/certs/host.cert
TLSCertificateKeyFile /etc/openldap/certs/host.key
TLSVerifyClient never

added to ~/.ldaprc

TLS_REQCERT never

Sample code to test the connection. Does not do a query.

int result;
LDAP * ldap;
int version  = LDAP_VERSION3;
const char * host = “ldap://10=192.168.1.9/base??”;
int port = 389;
int SSLmode = LDAP_OPT_X_TLS_HARD;
const char * binddn =  “cn=Administrator,dc=application,dc=company,dc=int”;
const char * bindpw =  “secret”;

result = ldap_initialize(&ldap , host);
if ( result  != LDAP_SUCCESS){
cerr <<  __LINE__<< ” failed ” <<ldap_err2string(result) << endl;
exit(-1);
}

/* always default to LDAP V3 for TLS*/
result =  ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
if ( result  != LDAP_SUCCESS){
cerr <<  __LINE__<< ” failed ” <<ldap_err2string(result) << endl;
exit(-1);
}

result = ldap_start_tls_s( ldap, NULL, NULL );
if ( result  != LDAP_SUCCESS){
cerr <<  __LINE__<< ” failed ” <<ldap_err2string(result) << endl;
exit(-1);
}

for (int failures=0; failures<10; failures++)
{
result = ldap_simple_bind_s(ldap, binddn, bindpw);
if (LDAP_SERVER_DOWN != result)
break;
}

if (LDAP_SUCCESS != result)
{
ldap_unbind_s(ldap);
cerr <<  “LDAP: ldap_simple_bind_s() failed ” <<ldap_err2string(result) << endl;
}

Command line to test TLS setup.   Returns many results in my setup:

ldapsearch -H “ldap://192.168.1.9″ -LLL -x -w secret -D “cn=Administrator,dc=application,dc=company,dc=int”  -b  ‘dc=application,dc=company,dc=int’ ‘(objectclass=*)’  -ZZ

No Comments »