Hey ldap folks!
I've attempted to add TLS capabilities to my newly created LDAP server using the following document:
This is how my cert files are looking in terms of ownership and permissions:
[root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
-r-------- 1 ldap root 1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
-r-------- 1 ldap root 1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
-r-------- 1 ldap root 1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
I got to the point where I'm attempting to add the configuration parameters to my ldap setup like so:
[root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key
modifying entry "cn=config"
ldap_modify: Inappropriate matching (18)
additional info: modify/add: olcTLSCertificateFile: no equality matching rule
These are the package version numbers I have installed via yum on CentOS 6.5:
openldap-2.4.23-34.el6_5.1.x86_64
openldap-devel-2.4.23-34.el6_5.1.x86_64
openldap-servers-2.4.23-34.el6_5.1.x86_64
openldap-clients-2.4.23-34.el6_5.1.x86_64
Can anyone offer some wisdom as to why this error is happening? Or perhaps offer some better documentation on how to enable the TLS abilities of openldap?
Thanks
Tim