[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with enabling TLS

To: openldap-software@openldap.org
Subject: Re: problem with enabling TLS
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Tue, 4 Mar 2008 10:12:29 +0200
Cc: Padmavathi Dt <padmavathi.dt@tcs.com>
Content-disposition: inline
In-reply-to: <OF679F4546.CBE84F66-ON65257402.001FC2DF-65257402.0020B03F@tcs.com>
References: <OF679F4546.CBE84F66-ON65257402.001FC2DF-65257402.0020B03F@tcs.com>
User-agent: KMail/1.9.7

On Tuesday 04 March 2008 07:57:03 Padmavathi Dt wrote:
> Hii List,
>
> We have installed and configured our openLDAP-2.4.7 on RedHat LINUX

Out of interest, what version of RedHat LINUX ?

> machine using simple configure( . /configure) without any options.

Did you have a suitable SSL library's development files (headers, linking 
library) installed ? Did you check whether configure found a suitable SSL 
library, and enabled SSL support?

> It has been working fine.Now we want to use SSL with that
> we are using openssl-0.9.7g package.We got all the required certificates.
> Now the problem is that,when I run the following command:
>
> /usr/local/etc/openldap/slapd.conf -d127 -h "ldap:/// ldaps:///"
>
> It is giving the following error message:
>
> ldap_pvt_gethostbyname_a: host=as3, r=0
> daemon_init: ldap:/// ldaps:///
> daemon_init: listen on ldap:///
> daemon_init: listen on ldaps:///
> daemon_init: 2 listeners to open...
> ldap_url_parse_ext(ldap:///)
> daemon: listener initialized ldap:///
> ldap_url_parse_ext(ldaps:///)
> daemon: TLS not supported (ldaps:///)
> slapd stopped.
> connections_destroy: nothing to destroy.
>
> >From this I can understand that ,TLS is not supported.what should I do
>
> now?
> One more question.Is there any difference between enabling SSL and TLS ?
> please help me( It is difficult to rebuild openldap again,as there are
> many applications that are using our current LDAP)

Compilation should not be impacted by home many applications are "using your 
current LDAP". Any sane environment should be deployed with some kind of 
software management tool (such as rpm), in which case you would build the 
software independently of installing it. This would also allow you to test 
the configuration on a different machine first, before deploying it etc. etc.

If you are running Red Hat Enterprise Linux (3, 4 or 5), you may want to look 
here:

http://staff.telkomsa.net/packages/

(2.4.8 and 2.3.41 coming ... just have some hardware issues on our internal 
package repo to sort out before I can afford time building packages ...).

Regards,
Buchan

References:
- problem with enabling TLS
  - From: Padmavathi Dt <padmavathi.dt@tcs.com>

Prev by Date: Re: Account Locked message?
Next by Date: Testing the state of replicates
Index(es):
- Chronological
- Thread