I know there are a lot of questions on this topic and ask for your patience.
I'm trying to figure out how to discern if slapd is properly configured for SSL/TLS. Reading through the slapd strace output shows that the cacert & certfile are being opened & read.
slapd v2.3.27
When I look at netstat -an, ports 389 & 636 are listening:
    tcp    0    0 0.0.0.0:389    0.0.0.0:*    LISTEN
    tcp    0    0 0.0.0.0:636    0.0.0.0:*    LISTEN
slapd.conf:
    TLSCipherSuite HIGH:MEDIUM:+SSLv2
    TLS_CACertificateFile /var/data/ca/cacert.pem
    TLS_CertificateFile /var/data/ca/newcerts/ldap1cert.pem
    TLS_CertificateKeyFile /etc/openldap/ldap1keyclear.txt
    TLSVerifyClient never
Reading through the strace output shows that the cacert & certfile are being opened.
ldap.conf:
    BASE dc=gmartin, dc=org
    URI ldap://linux2.gmartin.org
    TLS_CACERT /var/data/ca/cacert.pem
ldaprc:
    TLS_CACERT /var/data/ca/cacert.pem
When I try ldapsearch or openssl s_client, I receive:
    sslv3 alert handshake failure
And using slapd debug I see:
    TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:97
I checked the FAQ and I think I've looked at everything there. Not sure where to look next.
\Greg
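A server-side "no shared cipher" means the server found no cipher suite it could use with the certificate and key it loaded, so the first things to verify offline are that the certificate and key files actually form a pair, that the CA file verifies the server certificate, and that the cipher string resolves to at least one suite. The script below is an added example, not part of the original post or of OpenLDAP; it only assumes an openssl command line, and the file paths in the usage comments are the ones from the post.

```shell
#!/bin/sh
# Offline checks for the slapd TLS settings in slapd.conf. Run as the user
# slapd runs as, so the readability test reflects what the daemon sees.

# 1. Certificate and private key must belong to the same key pair. If they
#    do not (or the key cannot be read or parsed), the server has no usable
#    certificate and every handshake ends with "no shared cipher".
#    Usage: check_keypair /var/data/ca/newcerts/ldap1cert.pem /etc/openldap/ldap1keyclear.txt
check_keypair() {
    cert=$1; key=$2
    [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "key not readable: $key" >&2; return 1; }
    # Both commands print the public key as an SPKI PEM block; the pair
    # matches only if the two blocks are identical.
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot parse certificate: $cert" >&2; return 1; }
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "cannot parse private key: $key" >&2; return 1; }
    [ "$c" = "$k" ] || { echo "certificate and key do not match" >&2; return 1; }
}

# 2. The CA file handed to clients via TLS_CACERT must verify the server
#    certificate, otherwise ldapsearch rejects the chain even once the
#    server side handshakes.
#    Usage: check_chain /var/data/ca/cacert.pem /var/data/ca/newcerts/ldap1cert.pem
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 \
        || { echo "$2 is not signed by $1" >&2; return 1; }
}

# 3. TLSCipherSuite must expand to at least one suite the library knows;
#    an empty or invalid list leaves nothing to negotiate.
#    Usage: check_cipher_string 'HIGH:MEDIUM:+SSLv2'
check_cipher_string() {
    list=$(openssl ciphers "$1" 2>/dev/null) && [ -n "$list" ] \
        || { echo "cipher string resolves to no suites: $1" >&2; return 1; }
}
```

Each function returns 0 on success and prints the failing check to stderr otherwise, so the three can be chained with `&&` in a pre-start script.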