Re: TLS Configuration
Hydro Tium wrote:
> Hi guys,
> I'm struggling to configure my OpenLDAP with TLS (openssl) without
> success. I'm receiving the following error:
> $ sudo slapd -d 3
> ...
> TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed
> 5475ca9c main: TLS init failed: -1

gcry implies that you're using gcrypt/GnuTLS, not OpenSSL.

> My configuration is the following:
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcPidFile: /var/run/slapd/slapd.pid
> olcArgsFile: /var/run/slapd/slapd.args
> olcIdleTimeout: 7
> olcLogLevel: conns filter stats none
> olcReferral: ldap://root.openldap.org
> olcTLSCACertificateFile: /etc/ssl/certs/My_Root_CA.pem
> olcTLSCertificateFile: /etc/ssl/certs/My_Root_CA.pem
> olcTLSCertificateKeyFile: /etc/ldap/server.key.pem
> olcTLSVerifyClient: demand
> olcTLSRandFile: /dev/urandom
> Any clues on how to solve this one?

Haven't the foggiest. gcrypt is long obsolete/deprecated.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
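
Added example, not part of either message: a shell sketch of the check the reply implies, deciding from slapd's debug output or from `ldd` output which TLS library the build actually uses. The function names and the sample `ldd` lines are constructed for illustration; the two log lines are the ones quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): tell which TLS library a slapd build uses.

# Read `ldd` output on stdin; print gnutls, openssl, both or unknown.
# Only libgnutls/libssl are counted: libgcrypt and libcrypto are also pulled
# in by unrelated dependencies, so they prove nothing on their own.
tls_backend_from_ldd() {
    local line gnutls=0 openssl=0
    while IFS= read -r line; do
        case "$line" in
            *libgnutls.so*) gnutls=1 ;;
            *libssl.so*)    openssl=1 ;;
        esac
    done
    if   [ "$gnutls" = 1 ] && [ "$openssl" = 1 ]; then echo both
    elif [ "$gnutls" = 1 ]; then echo gnutls
    elif [ "$openssl" = 1 ]; then echo openssl
    else echo unknown
    fi
}

# Read slapd debug output on stdin; classify by the symbols named in TLS errors.
tls_backend_from_log() {
    local line
    while IFS= read -r line; do
        case "$line" in
            *gcry_*|*gnutls_*|*GCRYCTL_*) echo gnutls; return 0 ;;
            *error:[0-9A-Fa-f][0-9A-Fa-f]*:*routines:*) echo openssl; return 0 ;;
        esac
    done
    echo unknown
}

# The two log lines quoted in the thread.
SAMPLE_LOG='TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed
5475ca9c main: TLS init failed: -1'

# Constructed ldd output for a GnuTLS-linked build (library versions are made up).
SAMPLE_LDD='	libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
	libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26
	libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11'

echo "log says:  $(printf '%s\n' "$SAMPLE_LOG" | tls_backend_from_log)"
echo "ldd says:  $(printf '%s\n' "$SAMPLE_LDD" | tls_backend_from_ldd)"
# On a real host: ldd "$(command -v slapd)" | tls_backend_from_ldd
```

A result of `both` means the two libraries are reachable through different dependencies, so the debug log is the better indicator of which one slapd's TLS layer calls.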