Hey Dan,
Those
docs you pointed me to worked beautifully! And thanks for the examples
from your own config. I've used those too. Worked great! Thanks again.
Although
I do also apprecaite the advice to read the official docs. Good advice,
however the ones that I've been pointed to worked well for me. I'll
read the official docs for a fuller understanding tho.
Tim
I have simply
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/ldap.icpsr.umich.edu.crt
TLSCertificateKeyFile /etc/pki/tls/private/ldap.icpsr.umich.edu.key
in my slapd.conf. CACertificateFile is almost certainly not required for a server cert.
Maybe you are running into an oddity of the cn=config? Have you tried just opening up the permissions to make sure the files are world readable? no selinux involved?
Folks on the list will probably yell at you to use the current version rather than the centos packages.
If you look through the archives for the last few weeks, you will find a pointer to a site that has rpm builds of current openldap.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/ldap.icpsr.umich.edu.crt
TLSCertificateKeyFile /etc/pki/tls/private/ldap.icpsr.umich.edu.key
in my slapd.conf. CACertificateFile is almost certainly not required for a server cert.
Maybe you are running into an oddity of the cn=config? Have you tried just opening up the permissions to make sure the files are world readable? no selinux involved?
Folks on the list will probably yell at you to use the current version rather than the centos packages.
If you look through the archives for the last few weeks, you will find a pointer to a site that has rpm builds of current openldap.