
LDAP via TLS
Hey ldap folks!

I've attempted to add TLS capabilities to my newly created LDAP server using the following document: 

http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3

This is how my cert files are looking in terms of ownership and permissions:

[root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
-r-------- 1 ldap root   1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
-r-------- 1 ldap root   1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
-r-------- 1 ldap root   1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key

I got to the point where I'm attempting to add the configuration parameters to my ldap setup like so:

[root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key
modifying entry "cn=config"
ldap_modify: Inappropriate matching (18)
        additional info: modify/add: olcTLSCertificateFile: no equality matching rule
These are the package version numbers I have installed via yum on CentOS 6.5:

openldap-2.4.23-34.el6_5.1.x86_64
openldap-devel-2.4.23-34.el6_5.1.x86_64
openldap-servers-2.4.23-34.el6_5.1.x86_64
openldap-clients-2.4.23-34.el6_5.1.x86_64

Can anyone offer some wisdom as to why this error is happening? Or perhaps offer some better documentation on how to enable the TLS abilities of openldap?

Thanks
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
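Added example (not from the original post or the linked guide): the `olcTLS*` attributes in `cn=config` carry no EQUALITY matching rule, which is exactly what "Inappropriate matching (18)" reports when `add:` is used; `replace:` does not compare values and so is the usual way to set them. The script below builds that LDIF for the cert and key paths from the post, checks the files are owned by the `ldap` user slapd runs as, applies it over `ldapi:///`, and verifies StartTLS with `ldapwhoami -ZZ`. The `--apply` flag, the `LDAP_URI` default and pointing the client at the server cert as its CA (fine only for a self-signed cert) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the poster's code. Paths are the ones from the post.
CERT=/etc/pki/tls/certs/ldap.crt
KEY=/etc/pki/tls/private/ldap.key

# Emit the cn=config modification. "replace:" is used instead of "add:"
# because olcTLSCertificateFile/olcTLSCertificateKeyFile have no equality
# matching rule, so "add:" fails with "Inappropriate matching (18)".
tls_ldif() {
  printf 'dn: cn=config\nchangetype: modify\n'
  printf 'replace: olcTLSCertificateFile\nolcTLSCertificateFile: %s\n-\n' "$1"
  printf 'replace: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: %s\n' "$2"
}

# Preconditions: both files exist and are owned by the slapd user ($3),
# since slapd reads the private key after dropping privileges. Returns 0
# only when every check passes.
check_files() {
  for f in "$1" "$2"; do
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ "$(stat -c %U "$f")" = "$3" ] || { echo "not owned by $3: $f" >&2; return 1; }
  done
}

# Apply the LDIF with the same SASL/EXTERNAL bind the poster used.
apply_tls_config() {
  check_files "$CERT" "$KEY" ldap || return 1
  tls_ldif "$CERT" "$KEY" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# Verify: read the attributes back, then force a StartTLS handshake.
# -ZZ makes ldapwhoami fail unless TLS actually comes up. LDAPTLS_CACERT is
# the environment form of the ldap.conf TLS_CACERT option; pointing it at the
# server cert only verifies a self-signed cert (assumption). LDAP_URI must
# name the host as it appears in the certificate (assumption: localhost).
verify_tls() {
  ldapsearch -LLL -Q -Y EXTERNAL -H ldapi:/// -b cn=config -s base \
    olcTLSCertificateFile olcTLSCertificateKeyFile
  LDAPTLS_CACERT="$CERT" ldapwhoami -x -ZZ -H "${LDAP_URI:-ldap://localhost}"
}

# Only touch the server when explicitly asked; sourcing the file is a no-op.
if [ "${1:-}" = "--apply" ]; then
  apply_tls_config && verify_tls
fi
```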