
SSL/TLS

Thanks to all here for helping me get my version upgraded on RedHat 7.3
to 2.1.22 using the openit.org rpms. I got all of it to upgrade, the
cyrus-sasl, nss_ldap and pam_ldap packages as well.

I notice the rpm install sets the database type to bdb, where the old
2.0.27 install was ldbm. Is this a bad thing, and could it cause TLS not
to work according to the doc below, which I am using for help?

http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

I completed section 4.2 since I already have OpenLDAP. I created the
certs and signed them without problem, putting them into /var/lib/ldap
instead of the directory the document references, because of my install.
But if I add the following TLS lines to slapd.conf, it fails to restart.
Take them out and everything starts:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /var/lib/ldap/cacert.pem
TLSCertificateFile /var/lib/ldap/servercrt.pem
TLSCertificateKeyFile /var/lib/ldap/serverkey.pem

# Use the following if client authentication is required
TLSVerifyClient demand
# ... or not desired at all
#TLSVerifyClient never

I have all files chmod'd 600 and owned by the ldap user. Can anyone point
me to what I might be doing wrong?

-- 
Robert
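As an added diagnostic, not part of the original post: a small POSIX sh preflight that checks the three files named in the TLS directives above (existence and readability, PEM markers, key/cert match, and that the server cert verifies against the CA file). It assumes the /var/lib/ldap paths from the post and an RSA key; the script name tls-preflight.sh is invented.

```shell
#!/bin/sh
# Added preflight check (not part of the original post) for the slapd.conf TLS
# file directives quoted above: each file must exist and be readable, carry the
# expected PEM marker, the key must match the certificate, and the certificate
# must verify against the CA file.
# Assumption: the paths from the post; override with LDAP_DIR, CACERT, CERT, KEY.

LDAP_DIR=${LDAP_DIR:-/var/lib/ldap}
CACERT=${CACERT:-$LDAP_DIR/cacert.pem}
CERT=${CERT:-$LDAP_DIR/servercrt.pem}
KEY=${KEY:-$LDAP_DIR/serverkey.pem}

# file_ok PATH: succeeds if PATH is a regular file readable by the current user
file_ok() { [ -f "$1" ] && [ -r "$1" ]; }

# pem_has FILE LABEL: succeeds if FILE contains a "-----BEGIN ...LABEL-----" line
pem_has() { grep -q -- "^-----BEGIN .*$2-----" "$1"; }

# key_matches_cert KEY CERT: the RSA modulus of the key and the cert must agree
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_chains_to_ca CACERT CERT: the server cert must verify against the CA
cert_chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# check_tls_files: run all checks, print findings, return 0 only if all pass
check_tls_files() {
    rc=0
    for f in "$CACERT" "$CERT" "$KEY"; do
        if file_ok "$f"; then ls -l "$f"; else echo "missing/unreadable: $f"; rc=1; fi
    done
    [ "$rc" -eq 0 ] || return 1
    pem_has "$CACERT" CERTIFICATE || { echo "no CERTIFICATE block: $CACERT"; rc=1; }
    pem_has "$CERT" CERTIFICATE || { echo "no CERTIFICATE block: $CERT"; rc=1; }
    pem_has "$KEY" "PRIVATE KEY" || { echo "no PRIVATE KEY block: $KEY"; rc=1; }
    key_matches_cert "$KEY" "$CERT" || { echo "key does not match cert"; rc=1; }
    cert_chains_to_ca "$CACERT" "$CERT" || { echo "cert fails to verify against CA"; rc=1; }
    [ "$rc" -eq 0 ] && echo "TLS files are consistent; if slapd still fails, read 'slapd -d 1' output"
    return "$rc"
}

# Run the checks only when invoked as: sh tls-preflight.sh --run
if [ "${1:-}" = "--run" ]; then check_tls_files; fi
```

Run it as the user slapd actually runs as (ldap here), since the readability check is relative to the caller; it inspects the files only, not the TLSCipherSuite string.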