

Robert Fitzpatrick wrote:
Thanks to all here for helping me get my version upgraded on RedHat 7.3
to 2.1.22 using the openit.org rpms. I got all to upgrade, the
cyrus-sasl, nss_ldap and pam_ldap packages as well.

I notice the rpms install sets the database type to bdb where the old
2.0.27 install was ldbm. Is this a bad thing, and could it cause TLS not
to work according to the doc below that I am using for help?


I completed section 4.2, since I already have OpenLDAP. I create the
certs and sign without problem, putting them into /var/lib/ldap instead
of the document's reference location because of my install. But if I add the
following TLS lines to slapd.conf, it fails to restart. Take them out, and
everything starts:

TLSCACertificateFile /var/lib/ldap/cacert.pem
TLSCertificateFile /var/lib/ldap/servercrt.pem
TLSCertificateKeyFile /var/lib/ldap/serverkey.pem
# Use the following if client authentication is required
TLSVerifyClient demand
# ... or not desired at all
#TLSVerifyClient never

I have all files chmod'd 600 and owned by the ldap user; can anyone point me
to what I may be doing wrong?

The problem is not to do with O/L versions nor with the underlying DB. Permissions for cacert and servercrt should be 444. Are you referencing the server with the exact value of the certificate's CN?

Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
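The reply above names two things to check before slapd is restarted with the TLS lines: the file modes (public certificates readable by everyone, private key restricted) and whether the certificate's CN is the name clients actually use. The script below is an added example written for this thread, not code from the original posts or from OpenLDAP itself; it automates those two checks and adds two more that also stop slapd from starting (a key that does not belong to the certificate, and a server certificate that does not verify against the configured CA). The directory and file names are the poster's; `LDAP_HOST` (`ldap.example.org`) and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: pre-flight checks for the
# TLS file set named in the poster's slapd.conf, run before restarting
# slapd.  LDAP_HOST is an assumed placeholder; use the name clients use.

LDAP_DIR=${LDAP_DIR:-/var/lib/ldap}
LDAP_HOST=${LDAP_HOST:-ldap.example.org}

# Octal mode of a file; tries GNU stat first, then BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# The CA and server certificates are public and must be readable by
# everyone (444); the private key is read only by the slapd user (600).
# Ownership (the ldap user) is not checked here.  Returns 0 when all
# three files carry the expected mode, 1 otherwise (with a report).
check_tls_files() {    # check_tls_files DIR
    rc=0
    for spec in cacert.pem:444 servercrt.pem:444 serverkey.pem:600; do
        f="$1/${spec%%:*}"
        want=${spec##*:}
        if [ ! -f "$f" ]; then
            echo "missing: $f"
            rc=1
            continue
        fi
        got=$(file_mode "$f")
        if [ "$got" != "$want" ]; then
            echo "$f: mode $got, expected $want"
            rc=1
        fi
    done
    return $rc
}

# Subject CN of a PEM certificate; copes with old and new openssl output.
cert_cn() {            # cert_cn CERT
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n 's|.*CN=\([^,/]*\).*|\1|p'
}

# Does the name clients connect with match the certificate's CN exactly?
check_cn() {           # check_cn CERT HOST
    [ "$(cert_cn "$1")" = "$2" ]
}

# Does the private key belong to the certificate?  Compares the public
# key embedded in the certificate with the one derived from the key.
key_matches_cert() {   # key_matches_cert CERT KEY
    [ "$(openssl x509 -noout -pubkey -in "$1")" = \
      "$(openssl pkey -pubout -in "$2")" ]
}

# Does the server certificate verify against the configured CA file?
chain_ok() {           # chain_ok CACERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run every check and report; returns 0 when all of them pass.
tls_preflight() {      # tls_preflight [DIR] [HOST]
    dir=${1:-$LDAP_DIR}; host=${2:-$LDAP_HOST}; rc=0
    check_tls_files "$dir" || rc=1
    check_cn "$dir/servercrt.pem" "$host" ||
        { echo "CN '$(cert_cn "$dir/servercrt.pem")' != '$host'"; rc=1; }
    key_matches_cert "$dir/servercrt.pem" "$dir/serverkey.pem" ||
        { echo "serverkey.pem does not match servercrt.pem"; rc=1; }
    chain_ok "$dir/cacert.pem" "$dir/servercrt.pem" ||
        { echo "servercrt.pem does not verify against cacert.pem"; rc=1; }
    return $rc
}
```

Run it as root (the key is mode 600) with `tls_preflight /var/lib/ldap <hostname>` before putting the TLS lines back. If it passes and slapd still will not start, run slapd in the foreground with `-d 1` to see the TLS error it logs. After a successful restart, `ldapsearch -x -ZZ -H ldap://<hostname>/ -b '' -s base` confirms StartTLS works; note that with `TLSVerifyClient demand`, as in the posted config, that search will fail unless the client presents a certificate signed by the CA, which is a client-side issue distinct from slapd refusing to start.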