
RE: any working documentation?



 
http://www.openldap.org/doc/admin24/tls.html

And maybe something like this:
https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc.doc/task_apionprem_gernerate_self_signed_openSSL.html



-----Original Message-----
From: Dmitri Seletski [mailto:drjoms@gmail.com] 
Sent: Monday 19 August 2019 21:26
To: openldap-technical@openldap.org
Subject: any working documentation?

Hello.


I am new to the list, so if you're gonna beat me with your feet - please 
don't hit me in the face.

I did not find a help/user list, so I post here.

Where can I find working documentation for OpenLDAP?

Most current I found:

https://www.openldap.org/doc/admin24/quickstart.html

It says nothing of TLS encryption. I fail to start the service.

See output below:



TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.



Where can I submit errata to the documentation maintainer? (As the quick 
start clearly doesn't work in my default install of OpenLDAP on CentOS 7.)

And how can I start SLAPD without encryption?

I can generate a self-signed private/public key and make an ln -s of my CA 
cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO 
unnecessary. At least at the 'try out' step.

Thanks in advance

Dmitri
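
An added example, not part of either message and not OpenLDAP project code: a small Python check that reads the "altered options" block from slapd output like the log quoted above and reports which TLS values cannot be opened as files, which is what the `fopen` error on `OpenLDAP Server` indicates. The function names and the embedded sample (copied from the quoted log, mail wrapping kept) are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the "altered options" part of the slapd output quoted
# in the message above, with the mail client's line wrapping kept.
SAMPLE_LOG = """\
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = 
`/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS 
initialization. Continuing with OpenSSL only.
TLS: could not use certificate `OpenLDAP Server'.
"""

# \s* after "=" also spans the newline introduced by mail wrapping.
OPTION_RE = re.compile(r"INFO: (cacertdir|certfile|keyfile) =\s*`([^']*)'")


def effective_tls_options(log_text):
    """Return the TLS options slapd ended up with after the TLSMC step."""
    # Only the block after this marker reflects what OpenSSL is given.
    marker = "altered options follow:"
    start = log_text.find(marker)
    if start == -1:
        return {}
    tail = log_text[start + len(marker):]
    return {name: value for name, value in OPTION_RE.findall(tail)}


def unusable_options(options, exists=os.path.exists):
    """List (name, value, reason) for values that are not existing paths."""
    problems = []
    for name, value in sorted(options.items()):
        if not os.path.isabs(value):
            problems.append((name, value, "not an absolute path"))
        elif not exists(value):
            problems.append((name, value, "path does not exist"))
    return problems


if __name__ == "__main__":
    for name, value, reason in unusable_options(effective_tls_options(SAMPLE_LOG)):
        print(f"{name} = {value!r}: {reason}")
```

Run on the affected host, the default `exists` check tests the real filesystem; the `exists` parameter is there so the logic can be exercised without one.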