
TLS not working with 2.0.14



I have, I think, configured OpenLDAP 2.0.14 correctly for TLS support.

  *  It was configured with "--with-tls=openssl" on the command line.

  *  "ldd /usr/local/libexec/slapd" shows that libssl.so has been linked
     in.

I've created ldapcert.pem, ldapkey.pem, and cacert.pem as described at

    http://www.bolthole.com/solaris/LDAP.html

and added the following lines to slapd.conf

    TLSCipherSuite HIGH:MEDIUM:+SSLv2
    TLSCertificateFile /usr/local/etc/openldap/ldapcert.pem
    TLSCertificateKeyFile /usr/local/etc/openldap/ldapkey.pem
    TLSCACertificateFile /usr/local/etc/openldap/demoCA/cacert.pem

If I run the server in one window,

    # slapd -h 'ldap:/// ldaps:///' -d 0

it prompts me to enter the PEM pass phrase, which I do.  The server then
continues running.

In another window I can run

    # ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w secret -L -x

and I get the expected output.  If I add the -ZZ flag (which, if my
reading of the man page is correct, requires TLS to operate) then
instead I see this.

    # ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w secret -L -x -ZZ 
    ldap_start_tls: Connect error

I can see that slapd is listening on ports 389 and 636, as expected.

Any suggestions for how to debug this gratefully appreciated.  I tried
cranking up the debug output level when running slapd, but at the
moment, the output is just gibberish to me.

N
-- 
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/

          --- 15B8 3FFC DDB4 34B0 AA5F  94B7 93A8 0764 2C37 E375 ---

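The script below is an added example for the situation in the post above; it is not part of the original message and not OpenLDAP's own code. It performs, offline, the three checks that decide whether a StartTLS handshake against slapd can succeed: the server certificate chains to the CA the client trusts, the private key belongs to the certificate, and the name the client uses with -h matches the certificate. To run stand-alone it first builds throwaway material with the openssl command-line tool (a test CA, a server certificate for the host name "clan" taken from the post, and an unrelated second CA, othercacert.pem, which is hypothetical and stands in for "a CA the client does not trust"); the file names mirror slapd.conf in the post, the openssl CLI (1.0.2 or newer, for -checkhost) is assumed to be on PATH, and the constructed certificates are not the poster's real ones.

```shell
#!/bin/sh
# Added example, not from the original post: local consistency checks on the
# PEM files behind TLSCertificateFile / TLSCertificateKeyFile /
# TLSCACertificateFile, plus the trust check an ldapsearch -ZZ client performs.
# Assumes the openssl CLI (>= 1.0.2) is on PATH. All material is generated
# here as constructed test data; "clan" is the host name used in the post.
set -u

# make_test_material DIR HOST
# Writes cacert.pem, ldapkey.pem, ldapcert.pem (CN=HOST, signed by the CA)
# into DIR, plus an unrelated CA (othercacert.pem / otherkey.pem) that is
# hypothetical and only serves to show what an untrusting client sees.
make_test_material() {
    dir=$1; host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Test CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated CA" \
        -keyout "$dir/otherkey.pem" -out "$dir/othercacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/ldapkey.pem" -out "$dir/ldap.csr" 2>/dev/null
    openssl x509 -req -days 2 -in "$dir/ldap.csr" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -out "$dir/ldapcert.pem" 2>/dev/null
}

# check_tls_material CERT KEY CA HOST
# Returns 0 when all checks pass. Otherwise prints the failing check and
# returns 1 (certificate not signed by CA), 2 (key does not match the
# certificate) or 3 (certificate not valid for HOST).
check_tls_material() {
    cert=$1; key=$2; ca=$3; host=$4

    # 1. Chain: a client whose ldap.conf says TLS_CACERT=$ca performs exactly
    #    this verification during the handshake; if it fails, the client
    #    aborts the connection and slapd listening on 389/636 does not help.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "chain: $cert is not signed by $ca (client trusting $ca would reject it)"
        return 1
    fi

    # 2. Key: the public key inside the certificate must equal the public
    #    half of the private key slapd loads.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "key: $key does not belong to $cert"
        return 2
    fi

    # 3. Name: the host given to ldapsearch -h must match the certificate
    #    (dNSName SAN, or the subject CN when there is no SAN).
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
        echo "host: $cert is not valid for '$host'"
        return 3
    fi
    return 0
}

# Stand-alone demonstration on throwaway material: the consistent set passes;
# a client that trusts a different CA fails at the chain check.
work=$(mktemp -d)
make_test_material "$work" clan
if check_tls_material "$work/ldapcert.pem" "$work/ldapkey.pem" "$work/cacert.pem" clan; then
    echo "ok: material is consistent for host 'clan'"
fi
check_tls_material "$work/ldapcert.pem" "$work/ldapkey.pem" "$work/othercacert.pem" clan || true
rm -rf "$work"
```

A "Connect error" from ldap_start_tls means the TLS handshake itself failed, so the fact that slapd accepts connections on 389 and 636 says nothing about it. The client side is the usual place to look: the ldapsearch host (ldap.conf) needs a TLS_CACERT line pointing at the same cacert.pem slapd uses, and the name passed to -h has to match the server certificate, which the third check above tests. Running the checks against the real files (substitute the paths from slapd.conf for the generated ones) narrows the problem down before reading slapd's debug trace.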