Hi all,
I'm running version 2.4.49 on Ubuntu 20.04. I've been unable to add the olcTLSCipherSuite configuration attribute.
# ldapmodify -H ldapi:// -Y EXTERNAL -f set-ciphersuite.ldif
returns:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
set-ciphersuite.ldif contains the following:
dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: ALL
I was able to successfully configure (and confirmed working) TLS by setting the following attributes:
olcTLSCACertificateFile: /etc/ssl/certs/mydomain.fullchain.pem
olcTLSCertificateFile: /etc/ssl/certs/mydomain.cert.pem
olcTLSCertificateKeyFile: /etc/ssl/private/mydomain.privkey.pem
and was just looking to limit which ciphers would be offered.
I've found several discussions (here, on stackoverflow, etc.) that mention this error, but those discussions concerned these latter TLS attributes (which I had no problem adding) and not the olcTLSCipherSuite attribute. They also pointed to file permissions being the issue for the certificate files, which I've confirmed is not an issue. I would be grateful if anyone could point me in the right direction
Ben