
Error using TLS

Hi, this is my first post to the list.

I get an error when trying to run slapd with TLS options. I've looked a lot 
and sincerely don't know what I'm doing wrong.

I use Debian Sarge.

These are the steps I follow to create and configure the TLS certificate:

1) Create a directory ssl:
#> mkdir /etc/ldap/ssl
#> cd /etc/ldap/ssl

2) Generate a private/public key:
#> /usr/lib/ssl/misc/CA.pl -newreq
Generating a 1024 bit RSA private key
writing new private key to 'newreq.pem'
Enter PEM pass phrase: *****
Verifying - Enter PEM pass phrase: *****
Country Name (2 letter code) [AU]:ES
State or Province Name (full name) [Some-State]:Vizcaya
Locality Name (eg, city) []:Barakaldo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:domain.net
Organizational Unit Name (eg, section) []:debian
Common Name (eg, YOUR name) []:debian.domain.net
Email Address []:ibc@domain.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Request (and private key) is in newreq.pem

3) Remove the password from the unique "newreq.pem" created:
#> openssl rsa -in newreq.pem -out key.pem
Enter pass phrase for newreq.pem: *****
writing RSA key

4) Edit the certificate to remove the key and rename:
#> vi newreq.pem
#> mv newreq.pem cert.pem

5) Change permissions for the key:
#> chmod 600 key.pem

6) Now I have the certificate and the key:
#> ls -l
-rw-r--r--  1 root root 708 2007-01-23 21:35 cert.pem
-rw-------  1 root root 887 2007-01-23 21:35 key.pem

7) Configure slapd.conf:
TLSCipherSuite          HIGH
TLSCertificateFile      /etc/ldap/ssl/cert.pem
TLSCertificateKeyFile   /etc/ldap/ssl/key.pem

8) Save and restart slapd:
#> /etc/init.d/slapd restart
Stopping OpenLDAP: slurpd slapd.
Starting OpenLDAP: running BDB recovery, slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

9) The syslog says:
Jan 23 21:38:20 debian slapd[2339]: @(#) $OpenLDAP: slapd 2.2.23 (May 30 2005 08:52:42) $
Jan 23 21:38:20 debian slapd[2339]: bdb_db_init: Initializing BDB database
Jan 23 21:38:20 debian slapd[2339]: main: TLS init def ctx failed: -1
Jan 23 21:38:20 debian slapd[2339]: slapd stopped.
Jan 23 21:38:20 debian slapd[2339]: connections_destroy: nothing to destroy.

Could you tell me why this error occurs? I've read on many sites about those 
exact steps to configure TLS in OpenLDAP but it doesn't work for me.

Thanks in advance for any help.

Iñaki Baz Castillo
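The steps above end with the output of `CA.pl -newreq`, which writes a certificate *request* plus the key into newreq.pem, so the file later renamed to cert.pem still carries a "CERTIFICATE REQUEST" PEM block rather than a signed certificate. The following added example (not part of the original post or of OpenLDAP) is a small POSIX shell check a practitioner can run before restarting slapd: it inspects the PEM armour headers of the files named in TLSCertificateFile and TLSCertificateKeyFile and reports a CSR mis-filed as a certificate or a key that is still passphrase-protected. The sample files and their base64 bodies are constructed dummies.

```shell
#!/bin/sh
# Added example: sanity-check the PEM files handed to slapd's
# TLSCertificateFile / TLSCertificateKeyFile before a restart.

# Print the PEM block types found in a file, one per line.
pem_block_types() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# 0 if the file holds exactly one block and it is an X.509 certificate.
# A CSR announces itself as "CERTIFICATE REQUEST", which slapd cannot load.
is_certificate_file() {
  [ "$(pem_block_types "$1")" = "CERTIFICATE" ]
}

# 0 if the file holds exactly one private key that is not passphrase-protected;
# slapd starts unattended, so it cannot answer a PEM pass phrase prompt.
is_plain_key_file() {
  case "$(pem_block_types "$1")" in
    "RSA PRIVATE KEY"|"PRIVATE KEY") ! grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ;;
    *) return 1 ;;
  esac
}

# Report the first problem with a cert/key pair; 0 means both look loadable.
check_slapd_tls_files() {
  if ! is_certificate_file "$1"; then
    echo "$1: expected one CERTIFICATE block, got: $(pem_block_types "$1" | tr '\n' ' ')"
    return 1
  fi
  if ! is_plain_key_file "$2"; then
    echo "$2: expected one unencrypted private key block"
    return 1
  fi
  echo "ok: $1 and $2 look loadable by slapd"
}

# Constructed sample files mirroring the post: a CSR saved as cert.pem, a
# decrypted key, and a properly signed certificate. Bodies are dummies.
make_samples() {
  printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'MIIBdummyCSR' \
    '-----END CERTIFICATE REQUEST-----' > "$1/cert.pem"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIICdummyKEY' \
    '-----END RSA PRIVATE KEY-----' > "$1/key.pem"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBdummyCERT' \
    '-----END CERTIFICATE-----' > "$1/signed.pem"
}
```

Run `check_slapd_tls_files /etc/ldap/ssl/cert.pem /etc/ldap/ssl/key.pem` against the real paths; once the request has been signed by a CA, the resulting file is what belongs in TLSCertificateFile.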