Meghanand Acharekar wrote:
Sorry for the spelling mistake
using /usr/local/libexec/slapd -s 256 -h "ldaps:///"
And getting the error "daemon: TLS not supported (ldaps:///)" is syslog, I have searched mailing list, the one possible reason mentioned was "openldap is not compiled with TLS support" but I have verified this using ldd.
What you have verified here is that slapd is not linked with any SSL/TLS library, so most probably, was not compiled with TLS support.
ldd /usr/local/libexec/slapd linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so http://libdb-4.7.so/ => /usr/lib/libdb-4.7.so http://libdb-4.7.so/ (0x00007f80960b4000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000)
I'm not sure whether the problem in certificates could be the reason for this. In my slapd.conf I've following lines related to TLS.
TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt TLSCertificateFile /usr/local/etc/openldap/slapd.pem TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem