Pre-requisites to enable SSL/TLS in OpenLDAP 2.4
- To: <openldap-technical@openldap.org>
- Subject: Pre-requisites to enable SSL/TLS in OpenLDAP 2.4
- From: "Arun Srinivasan" <arunsriniv@rediffmail.com>
- Date: 24 Mar 2010 06:58:01 -0000
Hi All,
I am using OpenLDAP 2.4.21 on RHEL 5.3.
I have configured OpenLDAP with the "./configure --with-tls" option to enable SSL in the server. I used the built-in OpenSSL that comes with RHEL 5.3. Berkeley DB is 4.8.26.
After creating the certificates, I configured slapd.conf with the lines below:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
However, when I try to run slapd with the -h option as "/usr/local/libexec/slapd -h "ldap:// ldaps://" -d 255"
then I get the following output:
>>>>>>>>
daemon_init: ldap:// ldaps://
daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
ldap_url_parse_ext(ldaps://)
daemon: TLS not supported (ldaps://)
slapd stopped.
connections_destroy: nothing to destroy.
>>>>>>>>>
I am guessing something is wrong at the OpenLDAP configuration level itself. Can somebody let me know what prerequisites need to be followed while configuring OpenLDAP (configure options) so that SSL can be enabled successfully?
Thanks
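
A triage sketch for the output quoted in this message, added here as an example and not part of the original post or of OpenLDAP: slapd logs "TLS not supported" for an ldaps:// listener when the binary itself was built without TLS support, so the checks look at the startup log and the binary's linked libraries, plus the SSLv2 entry in TLSCipherSuite. Function names are hypothetical; the sample text is constructed from the lines in the post.

```shell
#!/bin/sh
# Added example: triage slapd startup output and TLS directives.
# Sample data is constructed from the log and slapd.conf lines in the post.
SAMPLE_LOG='daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon: listener initialized ldap://
daemon: TLS not supported (ldaps://)
slapd stopped.'

SAMPLE_CONF='TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem'

# Listener URLs rejected with "TLS not supported". This comes from a slapd
# binary compiled without TLS, so editing slapd.conf cannot fix it.
tls_unsupported_listeners() {
    printf '%s\n' "$1" |
        sed -n 's/^daemon: TLS not supported (\(.*\))$/\1/p'
}

# Listener URLs that slapd did open.
initialized_listeners() {
    printf '%s\n' "$1" |
        sed -n 's/^daemon: listener initialized \(.*\)$/\1/p'
}

# TLSCipherSuite values that still reference the obsolete SSLv2 protocol.
sslv2_cipher_suites() {
    printf '%s\n' "$1" |
        awk '$1 == "TLSCipherSuite" && index($2, "SSLv2") { print $2 }'
}

# Reads `ldd` output on stdin; succeeds if a TLS library is linked.
# Heuristic: a statically linked TLS library would not appear here.
links_tls_library() {
    grep -Eq 'lib(ssl|gnutls)\.so'
}

echo "opened:        $(initialized_listeners "$SAMPLE_LOG")"
echo "no TLS in bin: $(tls_unsupported_listeners "$SAMPLE_LOG")"
echo "SSLv2 ciphers: $(sslv2_cipher_suites "$SAMPLE_CONF")"
# On the server itself (path taken from the post):
#   ldd /usr/local/libexec/slapd | links_tls_library || echo "rebuild with TLS"
```

If the linkage check fails, the usual cause is that configure did not find the TLS library's development headers at build time; config.log in the build tree records what was detected.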