Hi all, I'm running version 2.4.49 on Ubuntu 20.04. I've been unable to add the olcTLSCipherSuite configuration attribute.

# ldapmodify -H ldapi:// -Y EXTERNAL -f set-ciphersuite.ldif

returns:

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "cn=config"

ldap_modify: Other (e.g., implementation specific) error (80)

set-ciphersuite.ldif contains the following:

dn: cn=config

changetype: modify

add: olcTLSCipherSuite

olcTLSCipherSuite: ALL

I was able to successfully configure (and confirmed working) TLS by setting the following attributes:

olcTLSCACertificateFile: /etc/ssl/certs/mydomain.fullchain.pem

olcTLSCertificateFile: /etc/ssl/certs/mydomain.cert.pem

olcTLSCertificateKeyFile: /etc/ssl/private/mydomain.privkey.pem

and was just looking to limit which ciphers would be offered.

I've found several discussions (here, on stackoverflow, etc.) that mention this error, but those discussions concerned these latter TLS attributes (which I had no problem adding) and not the olcTLSCipherSuite attribute. They also pointed to file permissions being the issue for the certificate files, which I've confirmed is not an issue. I would be grateful if anyone could point me in the right direction

Ben