-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: Tuesday, June 25, 2013 6:36 PM
To: Rodney Simioni; openldap-technical@openldap.org
Subject: Re: unsupported extended operation

Rodney Simioni wrote:
Hi,
I just compiled openldap with: ./configure --prefix=/usr/local/openldap --enable-ldap --with-tls=openssl --with-cyrus-sasl --enable-crypt
I did a 'make depend', 'make', and a 'make install'; I didn't see any
errors.
I fired up ldap with: './slapd -d127 -h "ldap:///"'
Then I went to test my install with: 'ldapsearch -x -ZZ -d1 -H ldap://blah.com/'
And I'm still getting:
ldap_msgfree
ldap_err2string
ldap_start_tls: Protocol error (2)
additional info: unsupported extended operation
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
ldap_free_connection: actually freed
Does anybody have a clue?

You haven't configured any of the TLS settings in the server yet.

[[Rod's comment]]
This is my /usr/local/openldap/etc/openldap/ldap.conf
TLS_CACERTDIR /root # in root dir testing only, cert owned by ldap user
URI ldap://blah.securesites.com/
BASE dc=wh,dc=local
This is my slapd.ldif
olcTLSCACertificatePath: /root
olcTLSCertificateFile: /root/wildcard.securesites.com.cert
olcTLSCertificateKeyFile: /root/wildcard.securesites.com.key
This is my /usr/local/openldap/etc/openldap/slapd.conf
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCACertificateFile /root/wildcard.securesites.com.cert
TLSCertificateFile /root/wildcard.securesites.com.cert
TLSCertificateKeyFile /root/wildcard.securesites.com.key
~
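
Added example, not part of the original thread: a way to check whether a running server advertises the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037) by reading supportedExtension from its root DSE, which separates "the server does not offer StartTLS at all" from a client-side problem with -ZZ. The function names and the two sample LDIF outputs are constructed for illustration.

```shell
#!/bin/sh
# OID of the StartTLS extended operation (RFC 4511).
STARTTLS_OID="1.3.6.1.4.1.1466.20037"

# Read root DSE LDIF on stdin, unfold LDIF continuation lines
# (lines starting with one space), print each supportedExtension value.
supported_extensions() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | awk -F': ' 'tolower($1) == "supportedextension" { print $2 }'
}

# Exit status 0 if the LDIF on stdin lists the StartTLS OID, 1 otherwise.
advertises_starttls() {
    supported_extensions | grep -Fxq "$STARTTLS_OID"
}

# Constructed sample: a root DSE that lists StartTLS (one value folded
# across two lines to exercise the unfolding).
SAMPLE_WITH_TLS='dn:
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466
 .20037
supportedExtension: 1.3.6.1.1.8
'

# Constructed sample: a root DSE without the StartTLS OID.
SAMPLE_WITHOUT_TLS='dn:
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
'

# Against a live server (host name taken from the post above):
#   ldapsearch -x -LLL -H ldap://blah.com/ -s base -b "" supportedExtension \
#       | advertises_starttls && echo "StartTLS advertised" \
#       || echo "StartTLS not advertised"
```

The root DSE query is sent in clear text without -ZZ, so it works even when StartTLS itself fails.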