Hello
I am trying to configure OpenLDAP on CentOS 6.8 with SSL.
LDAP version : @(#) $OpenLDAP: slapd 2.4.40 (May 10 2016 23:30:49) $ mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/build-servers/servers/slapd
LDAP service is running with ldaps:// support :
ps -ef | grep slap
ldap 22182 1 0 20:07 ? 00:00:00 /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -u ldap
root 22193 22118 0 20:07 pts/0 00:00:00 grep slap
netstat -plane | grep 636
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 0 45649460 22182/slapd
tcp 0 0 :::636 :::* LISTEN 0 45649461 22182/slapd
When I try to do an LDAP search, it fails to connect and the log shows :
Dec 31 13:02:12 slap01 slapd[23776]: conn=1119 fd=13 ACCEPT from IP=xx.xx.xx.xx:45426 (IP=0.0.0.0:636)
Dec 31 13:02:12 slap01 slapd[23776]: conn=1119 fd=13 closed (TLS negotiation failure)
My /etc/openldap/slapd.conf file has the following lines :
TLSCACertificateFile /etc/letsencrypt/live/slap01.domain.tld/fullchain.pem
TLSCertificateFile /etc/letsencrypt/live/slap01.domain.tld/cert.pem
TLSCertificateKeyFile /etc/letsencrypt/live/slap01.domain.tld/privkey.pem
What else do I need to make OpenLDAP work with my Let's Encrypt SSL certificate?
I've tried adding :
TLSCACertificatePath /usr/share/pki/ca-trust-source
But no success.
Kind regards
Jonas.