
Re: LDAP via TLS



On Wed, 19 Feb 2014 13:35:13 -0500,
Tim Dunphy <bluethundr@gmail.com> wrote:

> Hey ldap folks!
> 
> I've attempted to add TLS capabilities to my newly created LDAP server
> using the following document:
> 
> http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3
> 
> This is how my cert files are looking in terms of ownership and
> permissions:
> 
> [root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
> -r-------- 1 ldap root   1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
> -r-------- 1 ldap root   1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
> -r-------- 1 ldap root   1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
> 
> I got to the point where I'm attempting to add the configuration
> parameters to my ldap setup like so:
> 
> [root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> dn: cn=config
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt

Don't rely on third party documentation! Read the manual pages!
In particular ldapmodify(1).
You are missing the changetype attribute.

[...]

-Dieter
-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
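
The change record from the quoted session, written with an explicit changetype line as the reply asks for. This is an added example, not part of the original thread. The paths come from the quoted listing; the key-file modification, the lint_changetype helper and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example. Paths are the ones shown in the quoted "ls -l" listing.
CERT=/etc/pki/tls/certs/ldap.crt
KEY=/etc/pki/tls/private/ldap.key

# Emit one LDIF change record for cn=config.
# "changetype: modify" follows the dn line directly; the lone "-" line
# separates the two modifications inside the same record.
tls_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: $CERT
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $KEY
EOF
}

# Lint LDIF on stdin: the line after every "dn:" line must be a valid
# changetype line (records that use "control:" lines are not handled).
# Prints the offending dn and returns non-zero when one is missing.
lint_changetype() {
    awk '
        /^dn:/ { dn = $0; want = 1; next }
        want   {
            if ($0 !~ /^changetype: *(add|delete|modify|modrdn|moddn) *$/) {
                print "missing changetype after: " dn; bad = 1
            }
            want = 0
        }
        END    {
            if (want) { print "missing changetype after: " dn; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Check the record first, then send it over the local ldapi socket with
# SASL EXTERNAL, as in the quoted session. Not called automatically.
apply_tls_config() {
    tls_ldif | lint_changetype && tls_ldif | ldapmodify -Y EXTERNAL -H ldapi:///
}
```

Run `apply_tls_config` as root on the LDAP server; `lint_changetype` can also be fed any other LDIF file before it is passed to ldapmodify.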