I have, I think, configured OpenLDAP 2.0.14 correctly for TLS support.

* It was configured with "--with-tls=openssl" on the command line.
* "ldd /usr/local/libexec/slapd" shows that libssl.so has been linked in.

I've created ldapcert.pem, ldapkey.pem, and cacert.pem as described at
http://www.bolthole.com/solaris/LDAP.html and added the following lines
to slapd.conf:

  TLSCipherSuite        HIGH:MEDIUM:+SSLv2
  TLSCertificateFile    /usr/local/etc/openldap/ldapcert.pem
  TLSCertificateKeyFile /usr/local/etc/openldap/ldapkey.pem
  TLSCACertificateFile  /usr/local/etc/openldap/demoCA/cacert.pem

If I run the server in one window,

  # slapd -h 'ldap:/// ldaps:///' -d 0

it prompts me to enter the PEM pass phrase, which I do. The server then
continues running. In another window I can run

  # ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w secret -L -x

and I get the expected output. If I add the -ZZ flag (which, if my reading
of the man page is correct, requires TLS to operate) then instead I see this:

  # ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w secret -L -x -ZZ
  ldap_start_tls: Connect error

I can see that slapd is listening on ports 389 and 636, as expected.

Any suggestions for how to debug this gratefully appreciated. I tried
cranking up the debug output level when running slapd, but at the moment,
the output is just gibberish to me.

N
-- 
FreeBSD: The Power to Serve             http://www.freebsd.org/
FreeBSD Documentation Project           http://www.freebsd.org/docproj/
--- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---
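What ldapsearch -ZZ does on the wire, as an added example that is not part of the original post: it sends the RFC 4511 StartTLS extended request over the plain port 389 and only then starts a verified TLS handshake, so a "Connect error" after the server accepts the extended request usually means the handshake itself failed (a common cause is the client not trusting the CA that signed ldapcert.pem, or the certificate not matching the host name given with -h). The `starttls_probe` function, its `cafile` argument and the embedded response bytes are assumptions constructed for this example; the two pure functions run offline, the probe needs a reachable slapd.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS, what -ZZ sends first


def build_starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext_req = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID   # short-form lengths suffice
    op = b"\x77" + bytes([len(ext_req)]) + ext_req
    body = b"\x02\x01" + bytes([msg_id]) + op
    return b"\x30" + bytes([len(body)]) + body


def read_tlv(buf, i, tag):
    """Check the tag at buf[i], decode its BER length, return (value_start, value_end)."""
    if buf[i] != tag:
        raise ValueError("expected tag 0x%02x at offset %d, got 0x%02x" % (tag, i, buf[i]))
    first = buf[i + 1]
    k = first & 0x7F if first >= 0x80 else 0           # long form: k length octets follow
    n = int.from_bytes(buf[i + 2:i + 2 + k], "big") if k else first
    start = i + 2 + k
    return start, start + n


def parse_extended_response(buf):
    """Return (resultCode, errorMessage) from an ExtendedResponse [APPLICATION 24]."""
    i, _ = read_tlv(buf, 0, 0x30)    # LDAPMessage SEQUENCE
    _, i = read_tlv(buf, i, 0x02)    # messageID INTEGER (skipped)
    i, _ = read_tlv(buf, i, 0x78)    # ExtendedResponse
    s, e = read_tlv(buf, i, 0x0A)    # resultCode ENUMERATED
    code = int.from_bytes(buf[s:e], "big")
    _, i = read_tlv(buf, e, 0x04)    # matchedDN (skipped)
    s, e = read_tlv(buf, i, 0x04)    # errorMessage
    return code, buf[s:e].decode("utf-8", "replace")


def starttls_probe(host, cafile, port=389):
    """Mirror -ZZ: StartTLS on the plain port, then a verified handshake against cafile."""
    ctx = ssl.create_default_context(cafile=cafile)    # chain and hostname checks on
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(build_starttls_request())
        code, msg = parse_extended_response(sock.recv(4096))
        if code != 0:
            return "server refused StartTLS: resultCode=%d %s" % (code, msg)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "TLS handshake ok: " + tls.version()
        except ssl.SSLError as exc:
            return "handshake failed after StartTLS (CA trust or hostname?): " + str(exc)
```

Calling `starttls_probe("clan", "/usr/local/etc/openldap/demoCA/cacert.pem")` separates the two failure modes that ldapsearch folds into one "Connect error": a non-zero resultCode means slapd declined StartTLS, an `ssl.SSLError` means the certificate chain or host name did not verify.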