--On Wednesday, October 19, 2022 2:25 PM -0400 Timothy Stonis tim@stonis.com wrote:
Thanks for the suggestion. Prior, I tried using slapmodify to make the change, but I got the message the database was not writeable even running as root. Is there an ACL I need to set on cn=config to get slapmodify to work? It's linked against openssl 1.1.
slapmodify is an offline command so no ACLs would apply. What was your exact slapmodify command?
Okay, I got the info they could be used directly from: "For TLS, under 2.4 the filesystem location of the keys and certificates were stored in cn=config; as of 2.5, the keys and certificates themselves can be stored inside the database." In this article:
https://www.symas.com/post/howard-chu-shares-what-to-expect-with-openldap-2-5
I checked with Howard; this was apparently implemented at the same time as slapo-autoca, but the docs on how to do this appear to be missing. Will see if an issue needs to be raised for a doc update.
Regards, Quanah