On 21/11/10 17:24 -0500, bluethundr wrote:
I am attempting to setup SSL/TLS support on my openLDAP 2.4 server on FreeBSD.
LBSD2# pkg_info | grep openldap
openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation

LBSD2# cat slapd.conf | grep -i tls
## TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/cacerts/bsd2.summitnjhome.com.crt
TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem
TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt
Connection closed by 127.0.0.1
[root@VIRTCENT08:/etc/openldap/cacerts]#getent passwd | grep ldapAccount [same interminable wait as above]
This is what my /etc/ldap.conf file looks like on the client:
[root@VIRTCENT08:/etc/openldap/cacerts]#cat /etc/ldap.conf
base dc=summitnjhome,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
uri ldap://ldap.summitnjhome.com/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password crypt
<commented out lines removed>
Does an ldapsearch -d -1 -ZZ successfully connect?
If so, then that should rule out a problem with your slapd configuration and ldap client library configuration (the options within your ldap.conf used by the OpenLDAP client library). In that case, you might focus on your ldap nss configuration.
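The `ldapsearch -ZZ` check suggested above, as an added example that is not part of this thread: a small Python probe that sends the LDAP StartTLS extended request itself (RFC 4511), reads the ExtendedResponse, and only then verifies the server certificate chain and hostname against a CA file, so a failure can be pinned on slapd's TLS setup or the trust store before looking at nss. The host, port and `cafile` values are assumptions to be replaced with your own.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
    Short-form BER lengths only: the whole PDU is 31 bytes; message_id < 128 assumed."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    op = b"\x77" + bytes([len(name)]) + name          # tag 0x60 | 23
    body = b"\x02\x01" + bytes([message_id]) + op
    return b"\x30" + bytes([len(body)]) + body

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_extended_response(buf):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse PDU."""
    tag, pos, _ = _tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, s, e = _tlv(buf, pos)                          # messageID INTEGER
    message_id = int.from_bytes(buf[s:e], "big")
    tag, pos, _ = _tlv(buf, e)
    if tag != 0x78:                                   # [APPLICATION 24] ExtendedResponse
        raise ValueError("expected ExtendedResponse, got tag 0x%02x" % tag)
    _, s, e = _tlv(buf, pos)                          # resultCode ENUMERATED
    result_code = int.from_bytes(buf[s:e], "big")
    _, s, e = _tlv(buf, e)                            # matchedDN, skipped
    _, s, e = _tlv(buf, e)                            # diagnosticMessage
    return message_id, result_code, buf[s:e].decode("utf-8", "replace")

def probe_starttls(host, port=389, cafile=None, timeout=10.0):
    """What `ldapsearch -ZZ` does first: require StartTLS, then verify chain and hostname."""
    sock = socket.create_connection((host, port), timeout=timeout)
    sock.sendall(build_starttls_request())
    _, code, diag = parse_extended_response(sock.recv(4096))  # one small PDU assumed
    if code != 0:
        sock.close()
        raise RuntimeError("StartTLS refused: resultCode=%d %s" % (code, diag))
    ctx = ssl.create_default_context(cafile=cafile)   # the trust store the client should use
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.version(), tls.getpeercert()["subject"]
```

Call it as `probe_starttls("ldap.summitnjhome.com", cafile="/path/to/issuing-ca.crt")` (hostname and path assumed): a `RuntimeError` means slapd refused StartTLS, an `ssl.SSLError` means the handshake or chain/hostname verification failed, and a returned subject means the server side is fine and the problem is on the nss side.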