
problem enabling ssl on openldap 2.2.13



Hi

I am trying to enable a TLS-based session with openldap from a client. I
created a self-signed certificate based on the command from
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.1
My server.pem file is in the /etc/openldap directory where slapd.conf is located.

Here are further settings in my slapd.conf
TLSCACertificateFile	server.pem
TLSCertificateFile	        server.pem
TLSCertificateKeyFile	server.pem

TLSVerifyClient               never


When I restart the ldap, it gives me the following warnings.
 is not readable by "ldap"                                 [WARNING]
 is not readable by "ldap"                                 [WARNING]
 is not readable by "ldap"                                 [WARNING]
Checking configuration files for slapd:                    [  OK  ]
Starting slapd:                                            [  OK  ]


I have checked the ps output and it is started as:
ldap      6883     1  0 16:18 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldap:/// ldaps:///

AND
netstat -anp | grep slapd
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      7850/slapd
tcp        0      0 0.0.0.0:636                 0.0.0.0:*                   LISTEN      7850/slapd
tcp        0      0 ip:389                      ip:43165                    ESTABLISHED 7850/slapd
tcp        0      0 :::389                      :::*                        LISTEN      7850/slapd
tcp        0      0 :::636                      :::*                        LISTEN      7850/slapd
unix  2      [ ]         DGRAM                    302231743 7850/slapd

Regards,
rui
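
The following is an added example, not part of the original post and not OpenLDAP code: a small audit of the TLS file directives shown in the slapd.conf excerpt, reporting relative paths, missing files, files the service account cannot read, and a private key readable by group or other. The function names are hypothetical, and looking up relative paths beside slapd.conf is an assumption of the script, not a statement of how slapd resolves them.

```python
import grp
import os
import pwd
import stat

# Directive names taken from the slapd.conf excerpt in the post (compared case-insensitively).
TLS_FILE_DIRECTIVES = {"tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile"}

def parse_tls_files(conf_text):
    """Return [(directive, path)] for the TLS file directives in slapd.conf text."""
    found = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() in TLS_FILE_DIRECTIVES:
            found.append((parts[0], parts[1].strip('"')))
    return found

def readable_by(st, uid, gids):
    """Owner/group/other read check for a uid and set of gids (ignores ACLs and parent directories)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit(conf_text, conf_dir, uid, gids):
    """Return [(directive, finding)] for every TLS file problem detected."""
    findings = []
    for directive, path in parse_tls_files(conf_text):
        if not os.path.isabs(path):
            findings.append((directive, "relative path"))
            path = os.path.join(conf_dir, path)  # assumption: look beside slapd.conf
        try:
            st = os.stat(path)
        except OSError:
            findings.append((directive, "missing"))
            continue
        if not readable_by(st, uid, gids):
            findings.append((directive, "not readable by service user"))
        if directive.lower() == "tlscertificatekeyfile" and st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((directive, "private key readable by group or other"))
    return findings

if __name__ == "__main__":
    user = pwd.getpwnam("ldap")  # service account from the ps output in the post
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if "ldap" in g.gr_mem}
    with open("/etc/openldap/slapd.conf") as fh:  # location given in the post
        for directive, finding in audit(fh.read(), "/etc/openldap", user.pw_uid, gids):
            print(directive + ": " + finding)
```

Because the post points all three directives at the same server.pem, any mode loose enough to trip the last check exposes the private key along with the certificate.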