Hey ldap folks!
I've attempted to add TLS capabilities to my newly created LDAP server using the following document:
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3
This is how my cert files are looking in terms of ownership and permissions:
[root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap -r-------- 1 ldap root 1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt -r-------- 1 ldap root 1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr -r-------- 1 ldap root 1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
I got to the point where I'm attempting to add the configuration parameters to my ldap setup like so:
[root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:/// SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 dn: cn=config add: olcTLSCertificateFile olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key modifying entry "cn=config" ldap_modify: Inappropriate matching (18) additional info: modify/add: olcTLSCertificateFile: no equality matching rule
These are the package version numbers I have installed via yum on CentOS 6.5:
openldap-2.4.23-34.el6_5.1.x86_64 openldap-devel-2.4.23-34.el6_5.1.x86_64 openldap-servers-2.4.23-34.el6_5.1.x86_64 openldap-clients-2.4.23-34.el6_5.1.x86_64
Can anyone offer some wisdom as to why this error is happening? Or perhaps offer some better documentation on how to enable the TLS abilities of openldap?
Thanks Tim