
Pre-requisites to enable SSL/TLS in OpenLDAP 2.4



Hi All,

I am using OpenLDAP 2.4.21 on RHEL 5.3.

I have configured OpenLDAP with the "./configure --with-tls" option to enable SSL in the server. I used the built-in OpenSSL that comes with RHEL 5.3. Berkeley DB is 4.8.26.

I then created the certificates and configured slapd.conf with the lines below:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem

However, when I try to run the slapd with the -h option as "/usr/local/libexec/slapd -h "ldap:// ldaps://" -d 255"

then I get the following output:
>>>>>>>>
daemon_init: ldap:// ldaps://
daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
ldap_url_parse_ext(ldaps://)
daemon: TLS not supported (ldaps://)
slapd stopped.
connections_destroy: nothing to destroy.
>>>>>>>>>

I am guessing something is wrong at the OpenLDAP configuration level itself. Can somebody let me know what pre-requisites need to be followed while configuring OpenLDAP (configure options) so that SSL can be enabled successfully?

Thanks
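
A defender-side check for the setup described in this message, as an added example that is not part of the original post or of OpenLDAP. It audits the TLS directives in a slapd.conf and looks for the "daemon: TLS not supported" line in captured "slapd -d" output, which slapd prints when the binary was compiled without TLS support. The function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: offline checks for a slapd TLS setup (names are hypothetical).

# True if captured "slapd -d" output shows a binary compiled without TLS.
built_without_tls() {
    grep -q 'daemon: TLS not supported' "$1"
}

# Print the value of a slapd.conf directive (first match, case-insensitive).
conf_value() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Audit the TLS directives of a slapd.conf; prints one finding per line.
audit_tls_conf() {
    conf=$1
    for d in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        f=$(conf_value "$d" "$conf")
        if [ -z "$f" ]; then
            echo "MISSING $d"
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $d $f"
        fi
    done
    # The private key must not be accessible to group or others.
    key=$(conf_value TLSCertificateKeyFile "$conf")
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ldL "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "KEY_PERMS $key"
    fi
    # In an OpenSSL cipher string "+SSLv2" only moves SSLv2 suites to the end
    # of the list; "!SSLv2" is what excludes them.
    case $(conf_value TLSCipherSuite "$conf") in
        *'!SSLv2'*) ;;
        *SSLv2*) echo "SSLV2_NOT_EXCLUDED" ;;
    esac
}

# Usage: sh check.sh slapd.conf [file-with-captured-debug-output]
if [ $# -ge 1 ]; then
    audit_tls_conf "$1"
    if [ $# -ge 2 ] && built_without_tls "$2"; then echo "NO_TLS_BUILD"; fi
fi
```

A NO_TLS_BUILD result points at the build of the slapd binary being run, not at the certificates or slapd.conf.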