[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with SSL

To: DT Piotr Wadas <pwadas@dtpw.pl>
Subject: Re: OpenLDAP with SSL
From: Chamith Kumarage <gnu.chami@gmx.net>
Date: Fri, 04 Dec 2009 20:30:16 +0530
Cc: openldap-technical@openldap.org
In-reply-to: <Pine.LNX.4.64.0912041236190.3279@kehillah.jewish.org.pl>
References: <1259921770.7904.50.camel@chamith-laptop> <Pine.LNX.4.64.0912041236190.3279@kehillah.jewish.org.pl>

On Fri, 2009-12-04 at 12:38 +0100, DT Piotr Wadas wrote:
> 
> On Fri, 4 Dec 2009, Chamith Kumarage wrote:
> 
> > Hi Folks,
> > 
> > I have setup openldap with SSL and i'm using self signed certs. I have
> > included the following in my slapd.conf.
> > 
> > TLSCipherSuite HIGH:MEDIUM:-SSLv2
> > TLSCACertificateFile /etc/ldap/ssl/server.pem
> > TLSCertificateFile /etc/ldap/ssl/server.pem
> > TLSCertificateKeyFile /etc/ldap/ssl/server.pem
> > TLSVerifyClient demand
> > 
> > and in my ldap.conf I have;
> > 
> > HOST <my_ip>
> > PORT 636
> > TLS_REQCERT /etc/ldap/ssl/server.pem
> 
> What slapd starting line (-h option) you've used? should be something like
> 
> "ldap://127.0.0.1:389/ ldaps://127.0.0.1:636/ ldapi:///"
> 
> E.g. in Debian it's configured via /etc/default/slapd file.
> 
> Regards,
> DT

I have those already configured in /etc/default/slapd . This is the
error I'm getting when trying to do a ldapsearch via ldaps:// ;

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

But I can perform the same operation via ldap://

Thanks,
~Chamith

References:
- OpenLDAP with SSL
  - From: Chamith Kumarage <gnu.chami@gmx.net>
- Re: OpenLDAP with SSL
  - From: DT Piotr Wadas <pwadas@dtpw.pl>

Prev by Date: Re: Authentication failed with ldaps configuration
Next by Date: Re: gidNumber attribute inside group & member
Index(es):
- Chronological
- Thread