Hi all, I'm running version 2.4.49 on Ubuntu 20.04. I've been unable to add the olcTLSCipherSuite configuration attribute.
# ldapmodify -H ldapi:// -Y EXTERNAL -f set-ciphersuite.ldif
returns:
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=config" ldap_modify: Other (e.g., implementation specific) error (80)
set-ciphersuite.ldif contains the following:
dn: cn=config changetype: modify add: olcTLSCipherSuite olcTLSCipherSuite: ALL
I was able to successfully configure (and confirmed working) TLS by setting the following attributes:
olcTLSCACertificateFile: /etc/ssl/certs/mydomain.fullchain.pem olcTLSCertificateFile: /etc/ssl/certs/mydomain.cert.pem olcTLSCertificateKeyFile: /etc/ssl/private/mydomain.privkey.pem
and was just looking to limit which ciphers would be offered.
I've found several discussions (here, on stackoverflow, etc.) that mention this error, but those discussions concerned these latter TLS attributes (which I had no problem adding) and not the olcTLSCipherSuite attribute. They also pointed to file permissions being the issue for the certificate files, which I've confirmed is not an issue. I would be grateful if anyone could point me in the right direction
Ben