I created a CA and signed the certificate as defined in the steps.
The ownership is openldap:openldap for cacert.pem and server.crt, and
openldap:ssl-cert for server.key.
The permissions (rwx) are 644 for all three.
Thanks for the reply.
-Asimananda
On Fri, Jul 10, 2009 at 7:47 PM, Matt Kassawara <battery(a)writeme.com> wrote:
How did you create the certificates? Can slapd read them?
On Fri, Jul 10, 2009 at 5:00 AM, Asimananda Mohanty <asimananda.mohanty(a)gmail.com> wrote:
> Hi All,
>
> I am currently busy configuring OpenLdap on my newly installed Ubuntu
> 9.04.
>
> Here is what I have done till now.
>
> I followed the steps defined in
> https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html and
> installation was successful. I installed PhpLdapAdmin also.
>
> After I created the certificate, key etc., I created a .ldif file
> (enable-ca.ldif) with the following content:
>
> dn: cn=config
> add: olcTLSCACertificateFile
> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
> -
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ssl/certs/server.crt
> -
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ssl/private/server.key
>
> Then I executed the command:
>
> ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif
>
> and it was a success.
>
> But after this, when I tried to restart slapd, I got errors like the
> following:
>
> main: TLS init def ctx failed: -1
>
> I noticed that after I executed "ldapmodify -D "cn=admin,cn=config" -x
> -w 12345678 -f enable-ca.ldif", 3 lines are added to
> /etc/ldap/slapd.d/cn=config.ldif
> and when I commented out the last two lines like the following, slapd started
> successfully.
>
> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
> #olcTLSCertificateFile: /etc/ssl/certs/server.crt
> #olcTLSCertificateKeyFile: /etc/ssl/private/server.key
>
> This looks quite strange.
>
> Please help me resolve the same.
>
> -Asimananda
>
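Matt's question (can slapd read the files?) comes down to ownership and mode bits on every directory along the path, not only on the key file itself. The following is an added example, not code from this thread, that evaluates those bits for a given uid and group set the way the kernel's permission check does; it assumes the Debian/Ubuntu layout in which /etc/ssl/private is mode 0710 with group ssl-cert, and every uid, path and file in the demo is constructed.

```python
"""Mode-bit readability check for a service account, the usual cause of
slapd's "TLS init def ctx failed". Added example; uids and paths constructed."""
import os
import stat
import tempfile


def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """POSIX DAC: root bypasses; the owner class is checked exclusively."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def can_read_file(path, uid, gids, top=os.sep):
    """(ok, reason): dirs below `top` need the x bit for uid, the file the r bit."""
    path, cur = os.path.abspath(path), os.path.abspath(top)
    for part in os.path.relpath(os.path.dirname(path), cur).split(os.sep):
        if part in ("", os.curdir):
            continue
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        if not _allowed(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False, f"no search permission on {cur} (mode {oct(st.st_mode & 0o777)})"
    st = os.stat(path)
    if not _allowed(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return False, f"no read permission on {path} (mode {oct(st.st_mode & 0o777)})"
    return True, "readable"


def demo_private_dir_layout():
    """Constructed layout like Debian/Ubuntu /etc/ssl/private (0710, group ssl-cert)
    holding server.key at 0644: unreachable unless the service uid is in the group."""
    with tempfile.TemporaryDirectory() as top:
        private = os.path.join(top, "private")
        os.mkdir(private)
        key = os.path.join(private, "server.key")
        os.close(os.open(key, os.O_CREAT | os.O_WRONLY, 0o644))  # placeholder file
        os.chmod(private, 0o710)
        os.chmod(key, 0o644)
        st = os.stat(private)
        svc_uid = st.st_uid + 1                 # any uid that is not the owner
        outside = can_read_file(key, svc_uid, set(), top=top)
        inside = can_read_file(key, svc_uid, {st.st_gid}, top=top)
        return {"outside_group": outside[0], "inside_group": inside[0], "reason": outside[1]}
```

On a real host, run can_read_file against the configured olcTLS* paths with slapd's own uid and supplementary groups (as reported by `id openldap`); a failed directory search is reported separately from a failed file read, which is the distinction a 644 key file hides.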