ldapi without TLS and ldap with TLS?
Hi,
I'm trying to achieve the following with OpenLDAP RE24 from last week:
Connections on ldapi:/// are plain text and ldap connections require TLS
with client cert auth. I thought I could do that with:
# global configuration settings
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap34/slapd34.args
olcPidFile: /var/run/openldap34/slapd34.pid
olcLogFile: /var/log/openldap34/slapd34.log
olcLogLevel: -1
olcTLSCACertificateFile: /etc/pki/tls/certs/ca.crt
olcTLSCertificateFile: /etc/pki/tls/certs/server.crt
olcTLSCertificateKeyFile: /etc/pki/tls/private/server.key
olcTLSCipherSuite: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
olcTLSVerifyClient: demand <---
olcLocalSSF: 0 <---
olcSecurity: tls=256 <---
Since I'm seeing the error below clearly I thought wrong:
5121a107 >>> slap_listener(ldapi:///)
5121a107 daemon: listen=11, new connection on 15
5121a107 daemon: added 15r (active) listener=(nil)
5121a107 conn=1009 fd=15 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi)
[snip]
5121a107 conn=1009 op=0 BIND dn="cn=ReadOnly,dc=example,dc=com" method=128
5121a107 do_bind: version=3 dn="cn=ReadOnly,dc=example,dc=com" method=128
5121a107 send_ldap_result: conn=1009 op=0 p=3
5121a107 send_ldap_result: err=13 matched="" text="TLS confidentiality required"
[snip]
5121a107 conn=1009 op=0 RESULT tag=97 err=13 text=TLS confidentiality required
Anyone have an idea how I can achieve my goal?
Thanks!
Patrick
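The following is an added example, not part of Patrick's post or of OpenLDAP itself. It is a small Python model of the two slapd restriction checks that produce the error in the log: `olcSecurity: tls=N` compares only the TLS layer's SSF, so a connection on ldapi:/// (which never negotiates TLS) can never satisfy it, whatever `olcLocalSSF` says. `olcSecurity: ssf=N` compares the overall SSF, which for ldapi sessions is the value of `olcLocalSSF`. The second LDIF fragment is a candidate fix written on that assumption; the `ORIGINAL_CONFIG` values are copied from the post, the `FIXED_CONFIG` values and the helper names are constructed here.

```python
# Added example (not from the original post): a model of how slapd applies
# olcSecurity and olcLocalSSF to a simple bind on each listener type.
import re

# Copied from the post: the three attributes that decide the outcome.
ORIGINAL_CONFIG = """\
olcTLSVerifyClient: demand
olcLocalSSF: 0
olcSecurity: tls=256
"""

# Constructed candidate fix: ssf= is satisfied by any protection layer (TLS, SASL
# or the local transport), and olcLocalSSF is the SSF slapd assigns to ldapi:///
# sessions. olcTLSVerifyClient only governs TLS handshakes, so it stays as is.
FIXED_CONFIG = """\
olcTLSVerifyClient: demand
olcLocalSSF: 256
olcSecurity: ssf=256
"""


def parse_security(ldif):
    """Extract the policy from olcLocalSSF and olcSecurity attribute lines."""
    policy = {"local_ssf": 71, "tls": 0, "ssf": 0}  # slapd's default localSSF is 71
    for line in ldif.splitlines():
        m = re.match(r"^(olcLocalSSF|olcSecurity):\s*(.*?)\s*$", line)
        if not m:
            continue
        attr, value = m.groups()
        if attr == "olcLocalSSF":
            policy["local_ssf"] = int(value)
        else:
            for token in value.split():
                key, _, num = token.partition("=")
                if key in ("tls", "ssf"):
                    policy[key] = int(num)
    return policy


def check_bind(policy, listener, tls_ssf=0):
    """Return (err, text) as slapd would report for a bind on the given listener.

    listener is 'ldapi' (Unix socket, never TLS) or 'ldap' (TCP; tls_ssf is the
    strength negotiated by StartTLS, 0 if none). Mirrors slapd's checks: ssf=
    is compared against the overall SSF, tls= against the TLS SSF only.
    """
    if listener == "ldapi":
        transport_ssf, tls_ssf = policy["local_ssf"], 0
    else:
        transport_ssf = 0
    overall_ssf = max(transport_ssf, tls_ssf)
    if overall_ssf < policy["ssf"]:
        return 13, "confidentiality required"
    if tls_ssf < policy["tls"]:
        return 13, "TLS confidentiality required"
    return 0, ""


def summarize(ldif):
    """Outcome of a bind on ldapi, on ldap with 256-bit TLS, and on ldap without TLS."""
    policy = parse_security(ldif)
    return {
        "ldapi": check_bind(policy, "ldapi"),
        "ldap+tls256": check_bind(policy, "ldap", tls_ssf=256),
        "ldap_plain": check_bind(policy, "ldap", tls_ssf=0),
    }


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, summarize(cfg))
```

Running it reproduces the log: under the original settings the ldapi bind gets err=13 "TLS confidentiality required" while the TLS connection on ldap is accepted; under the candidate fix the ldapi bind is accepted and a plain (non-TLS) bind on the TCP listener is refused. One caveat to check against the real server: `ssf=256` also rejects a TLS session that negotiated a 128-bit cipher (SSF 128), and the cipher suite in the post permits such suites, so either pin the cipher list to 256-bit suites or lower the threshold to the strength you actually require.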