[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with enabling TLS

On Tue, 4 Mar 2008, Padmavathi Dt wrote:
We have installed and configured our openLDAP-2.4.7 on RedHat LINUX
machine using simple configure( . /configure) without any options.
It has been working fine.Now we want to use SSL with that
we are using openssl-0.9.7g package.We got all the required certificates.
Now the problem is that,when I run the following command:

/usr/local/etc/openldap/slapd.conf -d127 -h "ldap:/// ldaps:///"

It is giving the following error message:
daemon: TLS not supported (ldaps:///)

Your build didn't include TLS support. You're going to have to reconfigure and rebuild and this time you should read the output from 'configure' to see why it didn't find your OpenSS install. Did you install OpenSSL in a non-standard location? If you, you probably need to set the CPPFLAGS and LDFLAGS environment variables so that configure can find and build against it, ala:

env CPPFLAGS=-I/usr/local/openssl/include \
    LDFLAGS=-L/usr/local/openssl/lib \
    ./configure --enable-tls=openssl --with-other-stuff --enable-bits-here

One more question.  Is there any difference between enabling SSL and

Unfortunately, different people use those terms in different ways.

"SSL" is a protocol for carrying other protocols with confidentiality, integrity, authentication, etc. "TLS" is the standardized and revised version of that protocol.

For many people, "enabling SSL" means "using the negotiate-SSL-on-connect" version of the protocol. I.e., "ldaps" instead of "ldap". TLS is then generally associated with using the "upgrade-to-TLS" method where you connect normally (in cleartext) and then use a protocol request to initiate the SSL/TLS handshake, aka STARTTLS. e.g., the -Z option to ldap{search,modify,etc}.

please help me( It is difficult to rebuild openldap again,as there are
many applications that are using our current LDAP)

Why is that a problem? Rebuild and test before installing, then do the install when you're sure it's working properly.

Philip Guenther