Full_Name: Warron French
Version: 2.4.38 LTB Project
OS: CentOS-6.5
URL:
Submission from: (NULL) (130.221.145.5)
LTB-Project.org or OpenLDAP.org developers, please help:
I am running CentOS-6.5 (on all machines in my little lab) and attempting to set up an LDAP server for user-account authentication, which requires TLS. My CentOS-6.5 machines are all running kernel 2.6.32-431.3.1.el6.x86_64. Also, the version of OpenLDAP I am running, based on a suggestion from a user, is LTB-Project.org's OpenLDAP-2.4.38, because the version that came natively available with CentOS-6.5's repos was a very old 2.4.23.
I am writing a document in order to successfully repeat the build/configuration steps from my lab and lessons learned into a production system.
The following is where I am...
I am still having problems with adding (via .ldif file) the following LDIF file contents of /tmp/LDAP-CONFIG-TLS.ldif:

    dn: cn=config
    changetype: modify
    add: olcTLSCipherSuite
    olcTLSCipherSuite: TLSv1+RSA:!EXP:!MD5:!NULL

(<- not sure if that argument is valid for that CipherSuite selection either)

I use the following ldapmodify command:

    ldapmodify -x -D "cn=admin,cn=config" -W -f /tmp/LDAP-CONFIG-TLS.ldif

Because I have debugging turned up (to -d 32768), the results now look like:

    modifying entry "cn=config"
    52e68423 connection_input: conn=1000 deferring operation: binding
    slapd: result.c:813: slap_send_ldap_result: Assertion `!((rs->sr_err)<0)' failed.
    ldap_result: Can't contact LDAP server (-1)
I saw a thread on openldap.org at the following link, http://www.openldap.org/lists/openldap-bugs/201308/msg00066.html , that has the exact same error. I can see that Howard Chu from Symas fixed the problem for Symas; did LTB Project fix this problem? I cannot find any threads via web search for this issue.
My /var/log/openldap.log file does not show anything extra. In fact a tail of the log file doesn't even show any errors really.
What do I need to do in order to get my LDAP running with TLS?
Thank you for any help, I am losing my sanity.
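The script below is an added example for readers of this report; it is not code from the submission, from the LTB Project or from OpenLDAP. It writes the cn=config cipher-suite change as a proper multi-line LDIF, checks the file's shape offline, expands the cipher string with openssl so a string that selects no suites is caught before it reaches slapd, and applies and verifies the change. It assumes the LTB slapd is linked against OpenSSL (so olcTLSCipherSuite takes OpenSSL cipher-string syntax), that slapd listens on ldapi:///, that olcAccess on cn=config grants the local root SASL EXTERNAL identity write access, and that ldap.example.com:636 stands in for the server's ldaps listener; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the ITS submission, the LTB Project or OpenLDAP.
# Assumptions: the LTB slapd is linked against OpenSSL (so olcTLSCipherSuite
# uses OpenSSL cipher-string syntax), slapd listens on ldapi:///, olcAccess on
# cn=config grants the local root SASL EXTERNAL identity write access, and
# ldap.example.com:636 is a placeholder for the server's ldaps listener.

# Write a modify LDIF for olcTLSCipherSuite. "replace" is used instead of
# "add" because the attribute is single-valued: "add" fails once a value is
# already present, "replace" can be re-applied safely.
# $1 = output path, $2 = cipher string
write_tls_ldif() {
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcTLSCipherSuite\nolcTLSCipherSuite: %s\n' \
        "$2" > "$1"
}

# Offline shape check of the LDIF: base dn, modify changetype and a
# non-empty cipher value, each on its own line (LDIF is line-oriented, so a
# file whose contents were pasted onto one line is rejected by ldapmodify).
# $1 = LDIF path
ldif_looks_sane() {
    grep -q '^dn: cn=config$' "$1" \
        && grep -q '^changetype: modify$' "$1" \
        && grep -q '^olcTLSCipherSuite: ..*' "$1"
}

# Expand an OpenSSL cipher string and print how many suites it selects.
# "openssl ciphers" exits non-zero when the string selects nothing, which is
# how a typo, or a version alias this OpenSSL build does not know, shows up.
# Run "openssl ciphers -v <string>" by hand to see protocol, key exchange
# and MAC for each selected suite.
# $1 = cipher string
cipher_suite_count() {
    openssl ciphers "$1" | tr ':' '\n' | grep -c .
}

# Apply the change over the local Unix socket with SASL EXTERNAL (run as
# root), so it depends neither on the TCP listener nor on a simple bind,
# then read the value back and confirm the ldaps listener negotiates.
# $1 = LDIF path
apply_and_verify() {
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "$1"
    ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config -s base olcTLSCipherSuite
    openssl s_client -connect ldap.example.com:636 </dev/null 2>/dev/null \
        | grep -E '(Protocol|Cipher) *:'
}

# "sh script.sh apply" runs the full sequence; without the argument the
# script only defines the functions above.
if [ "${1:-}" = "apply" ]; then
    cipher='TLSv1+RSA:!EXP:!MD5:!NULL'   # the string from the report
    ldif="/tmp/LDAP-CONFIG-TLS.ldif"
    write_tls_ldif "$ldif" "$cipher"
    ldif_looks_sane "$ldif" || { echo "LDIF malformed: $ldif" >&2; exit 1; }
    n=$(cipher_suite_count "$cipher") \
        || { echo "openssl rejects cipher string: $cipher" >&2; exit 1; }
    echo "cipher string selects $n suite(s)"
    apply_and_verify "$ldif"
fi
```

Applying the change over ldapi:/// with SASL EXTERNAL sidesteps the bind that is deferred in the trace above, and reading the attribute back plus a handshake with `openssl s_client` shows whether slapd actually accepted and is using the cipher string, which the quiet /var/log/openldap.log does not.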