I created a CA and signed the certificate as defined the steps.
The ownership is of openldap:openldap for cacert.pem and server.crt and
openldap:ssl-cert for server.key.
rwx permission is 644 for all the three.
Thanks for the reply.
On Fri, Jul 10, 2009 at 7:47 PM, Matt Kassawara <battery(a)writeme.com> wrote:
How did you create the certificates? Can slapd read them?
On Fri, Jul 10, 2009 at 5:00 AM, Asimananda Mohanty <
> Hi All,
> I am currently busy configuring OpenLdap on my newly installed Ubuntu
> Here is what I have done till now.
> I followed the steps defined in
> installation was successful. I installed PhpLdapAdmin also.
> After I created certificate, key etc, I created a .ldif file
> (enable-ca.ldif) with the following content :
> *dn: cn=config
> add: olcTLSCACertificateFile
> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ssl/certs/server.crt
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ssl/private/server.key*
> Then I executed the command :
> *ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif*
> and it was a success.
> But after this, when I tried to restart slapd, I got errors like the
> following :
> *main: TLS init def ctx failed: -1*
> I noticed that after I executed "ldapmodify -D "cn=admin,cn=config" -x
> 12345678 -f enable-ca.ldif", 3 lines are added to
> and when I commented the last two lines like the following, slapd started
> *olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
> #olcTLSCertificateFile: /etc/ssl/certs/server.crt
> #olcTLSCertificateKeyFile: /etc/ssl/private/server.key*
> This looks quite strange.
> Please help me resolving the same.