opendj

How to verify OpenDJ responds to LDAP requests?


I stood up OpenDJ v3.0.0 on a RHEL 7 server with Java version 1.8.0_251. I set SSL/TLS to yes with a self-signed certificate generated. The directory is empty: no LDAP schema has been imported yet, only the baseDN was specified.

Once the install was complete, I executed service opendj status and the system said Running, although executing /install/path/bin/status threw java.security.cert.CertificateException: No subject alternative names present.

Assuming the LDAP service was running, I executed the following two different ldapsearch commands to verify whether it is handling incoming LDAP requests or not, based on this doc: https://backstage.forgerock.com/knowledge/kb/article/a54816700

./ldapsearch --hostname foo.domain.com --port 636 --useSsl --trustAll --bindDN "cn=Directory Manager" --bindPassword password --baseDN "" --searchScope base "(objectclass=*)" 1.1
dn:

./ldapsearch --port 389 --baseDN "" --searchScope base "(&)" alive healthy
dn: 

My question is: with the returned response being just dn:, I can't tell whether OpenDJ is running properly or not. I'd appreciate your advice.


Solution

  • The first error with status is due to changes in JDK 8 where the certificate's subject name must match the hostname you are trying to connect to.

    The second part of the question is not an error; it's expected. Your first query requests no attributes (the trailing argument '1.1' means return no attributes). The second query requests attributes that do not exist in the rootDSE for OpenDJ 3.0. These attributes were added in ForgeRock Directory Service version 6.5.0.
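The answer's point is that a bare dn: line is a successful response: the server returned the root DSE entry, the search just asked for no attributes. To get something more informative back, request the operational attributes instead of 1.1 (the standard "+" attribute selector, e.g. ... --baseDN "" --searchScope base "(objectclass=*)" "+"), which returns standard root DSE attributes such as namingContexts, vendorVersion and supportedLDAPVersion. The script below is an added example, not part of the question or answer: it parses the LDIF that ldapsearch prints and reports whether the server answered at all, which version it announces, and whether your baseDN appears among its namingContexts. The two sample responses embedded in it are constructed for the example; the values are illustrative, not captured from a real OpenDJ instance.

```python
"""Interpret the LDIF printed by ldapsearch for an OpenDJ root DSE query.

Added example; the sample responses below are constructed, not real output.
"""
import base64

# Constructed sample: a root DSE search that requested operational attributes ("+").
# One value is written in base64 form (objectClass:: dG9w == "top") and one is
# folded onto a continuation line, to exercise those LDIF features.
SAMPLE_ROOTDSE_LDIF = """\
# constructed root DSE response
dn:
objectClass: top
objectClass: ds-root-dse
objectClass:: dG9w
namingContexts: dc=example,dc=com
supportedLDAPVersion: 3
vendorName: ForgeRock
  AS.
vendorVersion: OpenDJ 3.0.0
supportedControl: 1.2.840.113556.1.4.319

"""

# The bare response from the question: a successful search that returned
# the root DSE with no attributes (because "1.1" was requested).
SAMPLE_EMPTY_LDIF = "dn:\n"


def parse_ldif(text):
    """Parse LDIF into [{"dn": str, "attrs": {name: [values]}}, ...].

    Handles folded lines (continuation lines start with one space), base64
    values ("name:: ...") and comment lines. Sufficient for ldapsearch output;
    not a complete RFC 2849 implementation.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # unfold: drop the single leading space
        else:
            logical.append(raw)

    entries, current = [], None
    for line in logical + [""]:  # trailing "" flushes the final entry
        if line.startswith("#"):
            continue
        if line == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        if value.startswith(":"):  # "name:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current["attrs"].setdefault(name, []).append(value)
    return entries


def assess_rootdse(ldif_text, expected_base_dn=None):
    """Summarise what a root DSE response tells us about the server.

    responded       True if any entry came back, even a bare "dn:" line
    attributes_seen number of attribute values returned
    vendor_version  vendorVersion if the server announced one, else None
    serves_base_dn  True/False when expected_base_dn is given and namingContexts
                    was returned; None when that cannot be determined
    """
    entries = parse_ldif(ldif_text)
    result = {"responded": False, "attributes_seen": 0,
              "vendor_version": None, "serves_base_dn": None}
    if not entries:
        return result
    attrs = entries[0]["attrs"]
    result["responded"] = True
    result["attributes_seen"] = sum(len(v) for v in attrs.values())
    result["vendor_version"] = (attrs.get("vendorVersion") or [None])[0]
    naming = [v.replace(" ", "").lower() for v in attrs.get("namingContexts", [])]
    if expected_base_dn is not None and naming:
        result["serves_base_dn"] = expected_base_dn.replace(" ", "").lower() in naming
    return result


if __name__ == "__main__":
    for label, text in (("bare 'dn:' response", SAMPLE_EMPTY_LDIF),
                        ("response with '+'", SAMPLE_ROOTDSE_LDIF)):
        print(label, "->", assess_rootdse(text, "dc=example,dc=com"))
```

Pipe real output into it with ./ldapsearch ... "+" | python3 this_script.py after replacing the samples with sys.stdin.read(); a responded value of True with attributes_seen of 0 is exactly the situation in the question, a reachable server that was asked for nothing.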