directive "TLSCipherSuite" not recognized
Hi,
Problem: getting warning from slapd.
[from slapd.log]
-------< snip >--------
Apr 28 12:10:38 ironclad slapd[11895]: @(#) $OpenLDAP: slapd 2.2.25 (Apr
25 2005 17:42:28) $
^Ihawk@ironclad.mil:/home/hawk/src/openldap-2.2.25/servers/slapd
Apr 28 12:10:38 ironclad slapd[11895]: daemon: IPv6 socket() failed
errno=97 (Address family not supported by protocol)
Apr 28 12:10:38 ironclad slapd[11895]:
/usr/local/etc/openldap/slapd.oc.conf: line 20: old objectclass format
not supported.
Apr 28 12:10:38 ironclad slapd[11895]: bdb_db_init: Initializing BDB
database
Apr 28 12:10:38 ironclad slapd[11895]:
/usr/local/etc/openldap/slapd.conf: line 87: unknown directive
"TLSCipherSuite" inside backend database definition (ignored)
Apr 28 12:10:38 ironclad slapd[11895]:
/usr/local/etc/openldap/slapd.conf: line 88: unknown directive
"TLSCertificateFile" inside backend database definition (ignored)
Apr 28 12:10:38 ironclad slapd[11895]:
/usr/local/etc/openldap/slapd.conf: line 89: unknown directive
"TLSCertificateKeyFile" inside backend database definition (ignored)
Apr 28 12:10:38 ironclad slapd[11897]: slapd starting
Apr 28 12:10:38 ironclad slapd[11897]: daemon: added 6r
Apr 28 12:10:38 ironclad slapd[11897]: daemon: select: listen=6
active_threads=0 tvp=NULL
-------< /snip >--------
Though my slapd daemon starts with some warnings, I think I will not be
able to use TLS without these options recognized by slapd.
I can find the slapd in
$ ps -A | grep slapd
output. Which indicates slapd is running.
I made several futile efforts to find a clue in Faq-O-Matic, Google, and
archives.
Read Administrator's guide and manpages.
But looks like there is something wrong in my configuration which I am
unable to figure out.
I configured and installed OpenLDAP with --enable-wrapper configuration
option.
According to `./configure --help` OpenLDAP is installed --with-tls by
default.
Before installing OpenLDAP, I have installed
SSL libraries
Sleepycat Berkeley DB
Cyrus-SASL libraries
ucspi (djb)
daemontools (djb)
Here is my slapd.conf
----------< slapd.conf >----------
include /usr/local/etc/openldap/slapd.oc.conf
include /usr/local/etc/openldap/slapd.at.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
schemacheck on
loglevel 296
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
sasl-secprops noplain,noanonymous,minssf=56
password-hash {SSHA}
database bdb
suffix "dc=ironclad,dc=mil"
rootdn "cn=Almighty,dc=ironclad,dc=mil"
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/local/slapd-cert.pem
TLSCertificateKeyFile /etc/local/slapd-key.pem
rootpw secret
directory /var/ldap/ironclad.mil
mode 0600
# Indices to maintain
index objectClass eq
index cn pres,eq
cachesize 2000
# Simple ACL granting read access to the world
access to *
        by * read
----------< /slapd.conf >----------
Please point out if I am doing something wrong in configuration.
The installation is on a test server (local machine on our LAN).
Thank you.
Sameer.
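
The log reports the three TLS directives as unknown "inside backend database definition" because they follow the `database bdb` line; slapd.conf(5) documents them as global options, which belong before the first `database` line. The check below is an added example, not part of the original post: it reads a slapd.conf and lists TLS directives that sit inside a section. The function names and the condensed sample are assumptions made for illustration.

```python
# Added example, not from the original post.
# TLS directives that slapd.conf(5) lists as global options (case-insensitive).
GLOBAL_TLS = {
    "tlsciphersuite", "tlscertificatefile", "tlscertificatekeyfile",
    "tlscacertificatefile", "tlscacertificatepath", "tlsverifyclient",
}

def logical_lines(conf_text):
    """Yield (first_line_number, text) per directive, joining continuations."""
    current = None
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank line or comment
        if raw[0] in " \t" and current is not None:
            # leading whitespace continues the previous directive
            current = (current[0], current[1] + " " + raw.strip())
            continue
        if current is not None:
            yield current
        current = (number, raw.strip())
    if current is not None:
        yield current

def misplaced_tls(conf_text):
    """Return (line, directive, section) for TLS directives inside a section."""
    section, findings = None, []
    for number, text in logical_lines(conf_text):
        words = text.split()
        name = words[0].lower()
        if name in ("backend", "database"):
            section = " ".join(words[:2])   # e.g. "database bdb"
        elif section and name in GLOBAL_TLS:
            findings.append((number, words[0], section))
    return findings

# Constructed sample, condensed from the slapd.conf in the post.
SAMPLE = """\
pidfile /usr/local/var/run/slapd.pid
database bdb
suffix "dc=ironclad,dc=mil"
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/local/slapd-cert.pem
TLSCertificateKeyFile /etc/local/slapd-key.pem
access to *
    by * read
"""

if __name__ == "__main__":
    for line, directive, section in misplaced_tls(SAMPLE):
        print(f"line {line}: {directive} is inside '{section}'; move it above the first database line")
```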