[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcTLSCACertificateFile and olcTLSCertificateFile displayed as encrypted?

Am 26.09.2018 um 22:11 schrieb Jean-Francois Malouin:
> Hi>
> Not a very important question, just a little puzzled by this...
> Is there a reason why the olcTLSCACertificateFile and olcTLSCertificateFile
> paths show up as encrypted in this cn=config search?
> 
> slapd 2.4.46 on Debian 9.5 (Stretch)
> 
> ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b 'cn=config' -s base
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/slapd/slapd.args
> olcLogLevel: stats
> olcLogLevel: sync
> olcPidFile: /var/run/slapd/slapd.pid
> olcServerID: 1
> olcTLSCACertificateFile:: IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
> olcTLSCertificateFile:: ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA==
> olcTLSCertificateKeyFile: /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.key
> olcTLSCipherSuite: NORMAL
> olcTLSVerifyClient: allow
> olcToolThreads: 1
> 
> There is an extra ':' ...
> 
> When I edit/display the cn=config with ldapvi (old fart here!) they show up as:
> 
> olcTLSCACertificateFile:;  /etc/ldap/ssl/COMODO_CA_bundle.crt
> olcTLSCertificateFile:;    /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.crt
> 

Hi,
everything looks good, the "::" is a notation for base64 coding of
values. Your filenames have spaces inside.

You have no problems, if you want to check your Values

# echo ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA== |
base64 -d

hth

best regards
Michael


> again, notice the ';' this time...
> 
> Just curious!
> 
> Thanks,
> jf
>