[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error when try modify olcTLS*

To: Quanah Gibson-Mount <quanah@symas.com>
Subject: Re: Error when try modify olcTLS*
From: Igor Sousa <igorvolt@gmail.com>
Date: Thu, 11 Jul 2019 16:29:04 -0300
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0emaM4ILSj5MhdPfNjYOSBTn4A0XYNTiQhmBoPS1v4k=; b=nr7VTk9jsljBF4ACTIx5kyfdWBtulJ19hY+TZlKexrPm34XD2rYzQuykNawFqyUJvI zf8Dj7RC3l7dvQbXbIKLEirkChE0Hlr4qPAMaYnt1fR0wP24lAmQGj7SfhEg31C9pDuz nhKNJFb2nWLGJhxXnk59FwxoqJ0BK2J6gIYLQNDztPMI5I9+W5E6Ut09Wn+aUpWro/VH ZXyZGj3v3Q1QNVwSruiBJAvIdJKdBRlykmfRbjI2XOODtX0gN+yK3f2GBS5uGP4sOq+q P4bmDD2ANg2iZMiGXcwHM3sWaSOZTNfVYm1ZAT4l0jhMnqsLYGLw5JMy4utn5dYqn4qG Mw6g==
In-reply-to: <ECDFD8D8BD5A32677D782E4D@192.168.1.39>
References: <CAAg2ztWXNS0=G1zT=BO2KPTMzC0gc0Q+7ecRH_8N8gawvbrTVg@mail.gmail.com> <ECDFD8D8BD5A32677D782E4D@192.168.1.39>

Hi Quanah,

Sorry about my delay to answer you, I've been in vacation and away from PC.

I understand that I should use the same name when I'll update this file to make it easy, but it is a new installation and this reason that I need modify this entries.

I've tested your suggestion and delete operation has worked fine, but I've still had the same problem described previously when I've tried add new olcTLSCertificateFile or new olcTLSCertificateKeyFile or new olcTLSCACertificateFile. I don't understand the reason for that.

[root@localhost ldifs]# ldapmodify -Y EXTERNAL -H ldapi:/// -f 5tls.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

--
Igor Sousa

Em sex, 28 de jun de 2019 às 21:53, Quanah Gibson-Mount <quanah@symas.com> escreveu:

--On Friday, June 28, 2019 7:33 PM -0300 Igor Sousa <igorvolt@gmail.com>
wrote:

> dn: cn=config
> changetype: modify
> replace: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/openldap/certs/ldap.local.crt
> -
> replace: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.local.key
> -
> add: olcTLSCACertificateFile
> olcTLSCACertificateFile: /etc/openldap/certs/ca.cert.pem

I would suggest simply using the same filenames as you had before, negating
the need to modify the attributes at all. You're likely hitting ITS#8286
with the replace operations. Another idea may be to change replace to a
delete+add in the same operation sequence.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: Error when try modify olcTLS*
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: Switch OpenLDAP backend database from HDB to MDB
Next by Date: Re: Error when try modify olcTLS*
Index(es):
- Chronological
- Thread