I stood up OpenDJ v3.0.0 on a RHEL 7 server with Java version 1.8.0_251. I set ssl/tls to yes with a self-signed cert generated, and it is empty; no LDAP schema is imported yet, only the baseDN was stated.
Once the install was complete, I executed service opendj status and the system said Running, although executing /install/path/bin/status threw java.security.cert.CertificateException: No subject alternative names present.
With the assumption that the LDAP service is running, I executed the following two different sets of ldapsearch commands to verify whether it is handling incoming LDAP requests or not, based on this doc: https://backstage.forgerock.com/knowledge/kb/article/a54816700
./ldapsearch --hostname foo.domain.com --port 636 --useSsl --trustAll --bindDN "cn=Directory Manager" --bindPassword password --baseDN "" --searchScope base "(objectclass=*)" 1.1
dn:
./ldapsearch --port 389 --baseDN "" --searchScope base "(&)" alive healthy
dn:
My question is: with the returned response being dn:, I can't tell whether OpenDJ is running properly or not. I'd appreciate your advice.
The first error with Status is due to changes in JDK 8 where the certificate's subject name must match the hostname you are trying to connect to.
The second part of the question is not an error. It's expected. Your first query is requesting no attributes (trailing argument '1.1' means to return no attributes). The second query is requesting attributes that do not exist in the rootDSE for OpenDJ 3.0. These attributes were added to ForgeRock Directory Service version 6.5.0.
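
As an added example (not part of the original question or answer), the following Python sketch shows how to read ldapsearch LDIF output such as the bare dn: above: an entry with an empty DN means the server processed the search and returned the root DSE, and requested attributes that the entry lacks are reported separately. The function names, the sample outputs and the dc=example,dc=com suffix are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of (dn, {attr: [values]}) entries."""
    # Unfold continuation lines: a line starting with one space continues the previous one.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if not line.strip():
            current = None  # a blank line ends the current entry
            continue
        if line.startswith("#"):
            continue  # LDIF comment
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = (value, {})
            entries.append(current)
        elif current is not None:
            current[1].setdefault(name.lower(), []).append(value)
    return entries

def check_root_dse(ldif_text, requested=()):
    """Classify a base-scope search on baseDN "" from its LDIF output."""
    root = next((attrs for dn, attrs in parse_ldif(ldif_text) if dn == ""), None)
    if root is None:  # no entry at all: the search did not return the root DSE
        return {"answered": False, "returned": [], "absent": list(requested)}
    absent = [a for a in requested if a.lower() not in root]
    return {"answered": True, "returned": sorted(root), "absent": absent}

# Constructed sample outputs (not captured from a real server).
BARE = "dn:\n"
WITH_ATTRS = "dn:\nnamingContexts: dc=example,dc=com\nsupportedLDAPVersion: 2\nsupportedLDAPVersion: 3\n"

if __name__ == "__main__":
    print(check_root_dse(BARE, ["alive", "healthy"]))
    print(check_root_dse(WITH_ATTRS, ["namingContexts", "supportedLDAPVersion"]))
    print(check_root_dse("", ["namingContexts"]))
```

An attribute listed under "absent" may be unsupported by the server version, as with alive and healthy here, or withheld by access control, so the "answered" flag is the liveness signal rather than the attribute list.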