I have, I think, configured OpenLDAP 2.0.14 correctly for TLS support.
* It was configured with "--with-tls=openssl" on the command line.
* "ldd /usr/local/libexec/slapd" shows that libssl.so has been linked
in.
I've created ldapcert.pem, ldapkey.pem, and cacert.pem as described at
http://www.bolthole.com/solaris/LDAP.html
and added the following lines to slapd.conf
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/ldapcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ldapkey.pem
TLSCACertificateFile /usr/local/etc/openldap/demoCA/cacert.pem
If I run the server in one window,
# slapd -h 'ldap:/// ldaps:///' -d 0
it prompts me to enter the PEM pass phrase, which I do. The server then
continues running.
In another window I can run
# ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w secret -L -x
and I get the expected output. If I add the -ZZ flag (which, if my
reading of the man page is correct, requires TLS to operate) then
instead I see this.
# ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w secret -L -x -ZZ
ldap_start_tls: Connect error
I can see that slapd is listening on ports 389 and 636, as expected.
Any suggestions for how to debug this gratefully appreciated. I tried
cranking up the debug output level when running slapd, but at the
moment, the output is just gibberish to me.
N
--
FreeBSD: The Power to Serve http://www.freebsd.org/
FreeBSD Documentation Project http://www.freebsd.org/docproj/
--- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---
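"ldap_start_tls: Connect error" is the client library's generic TLS-handshake failure, so the place to start is usually the server's own PEM material rather than slapd's debug output. The script below is an added example, not something from the original post or from the OpenLDAP project: it runs the three checks that most often explain a failed StartTLS against the files slapd.conf points at (the certificate and key belong together, the certificate chains to the CA in TLSCACertificateFile, and the certificate is valid for the name the client connects to, "clan" in the post). It assumes only the OpenSSL command-line tool; the KEY_PASS environment variable is this script's own convention for an encrypted key, and the file paths are taken from the post's slapd.conf.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the PEM files
# slapd was pointed at before blaming the client.
# Usage: check_tls_material CERT KEY CA HOSTNAME
#   KEY_PASS=...  pass phrase for an encrypted private key (assumed convention)
set -u

check_tls_material() {
    ctm_cert=$1 ctm_key=$2 ctm_ca=$3 ctm_host=$4
    ctm_rc=0

    # 1. The private key must belong to the certificate; compare RSA moduli.
    #    A mismatch makes every handshake fail regardless of the client.
    ctm_cert_mod=$(openssl x509 -noout -modulus -in "$ctm_cert" 2>/dev/null)
    ctm_key_mod=$(openssl rsa -noout -modulus -in "$ctm_key" \
                      -passin "pass:${KEY_PASS:-}" 2>/dev/null)
    if [ -z "$ctm_cert_mod" ] || [ "$ctm_cert_mod" != "$ctm_key_mod" ]; then
        echo "FAIL: $ctm_key does not match $ctm_cert (or key unreadable; set KEY_PASS)"
        ctm_rc=1
    else
        echo "ok: certificate and private key match"
    fi

    # 2. The certificate must chain to the CA slapd advertises; the client
    #    side (ldap.conf TLS_CACERT) has to trust this same CA.
    if openssl verify -CAfile "$ctm_ca" "$ctm_cert" >/dev/null 2>&1; then
        echo "ok: $ctm_cert verifies against $ctm_ca"
    else
        echo "FAIL: $ctm_cert does not verify against $ctm_ca"
        ctm_rc=1
    fi

    # 3. The name the client uses (ldapsearch -h HOST) must match the
    #    certificate's CN or subjectAltName. 'does match' is what
    #    x509 -checkhost prints on success; a mismatch prints 'does NOT match'.
    if openssl x509 -noout -in "$ctm_cert" -checkhost "$ctm_host" 2>/dev/null \
        | grep -q "does match"; then
        echo "ok: $ctm_cert is valid for host '$ctm_host'"
    else
        echo "FAIL: $ctm_cert is not valid for '$ctm_host'; a client with the default TLS_REQCERT will refuse it"
        ctm_rc=1
    fi

    return $ctm_rc
}

# Run only when called with the four arguments, e.g. with the post's paths:
# check_tls_material /usr/local/etc/openldap/ldapcert.pem \
#     /usr/local/etc/openldap/ldapkey.pem \
#     /usr/local/etc/openldap/demoCA/cacert.pem clan
if [ "$#" -ge 4 ]; then
    check_tls_material "$@"
    exit $?
fi
```

If all three checks pass, the remaining suspects are on the client side: ldap.conf needs a TLS_CACERT pointing at the same cacert.pem, and rerunning the failing command as `ldapsearch -d 1 -x -ZZ ...` prints the TLS library's actual error instead of the bare "Connect error". One further caveat on the slapd.conf line quoted in the post: in OpenSSL cipher-string syntax a leading "+" does not enable a cipher set, it moves the matching ciphers to the end of the preference list, so "+SSLv2" neither adds nor removes SSLv2 ciphers; to exclude them outright the prefix is "!".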