Hi,
The internet is full of "tips" to solve the above problem. I'm pulling my hair out and have not been able to find the real issue for days. Any help is greatly appreciated.
--------- enable_ssl.ldiff ---------------
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
--------- enable_ssl.ldiff ---------------
# ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
-rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
-rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key
# openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# head -n2 /etc/ldap/cert.pem
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
# head -n2 /etc/ldap/key.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
# ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
add olcTLSCertificateKeyFile: /etc/ldap/key.key
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
I can however modify other values like *olcLogLevel* without problems.
Debian 10 latest: 2.4.47+dfsg-3+deb10u6
# slapd -VVV
@(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org

Included static backends:
    config
    ldif
Stefan.