RE: [EXT]:Re: OpenLDAP SSLV3 disable
--On Tuesday, November 9, 2021 5:41 AM +0000 "Ballem, Narayanan"
<Narayanan.Ballem(a)Staples.com> wrote:
Is this possible to give slapd.conf reference file .
I did updated config section and restart the slapd but that did not
helped.
This would be an extremely basic slapd.conf file:
include /usr/local/etc/openldap/schema/core.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
loglevel stats
TLSCACertificateFile /path/to/ca/cert
TLSCertificateFile /path/to/server/cert
TLSCertificateKeyFile /path/to/server/private/key
TLSProtocolMin 3.3
modulepath /usr/local/lib/openldap
moduleload back_mdb.la
database config
rootpw secret
database mdb
maxsize 1073741824
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
index objectClass eq
database monitor
If you are still unable to set the minimum protocol, I would advise
confirming what TLS library your slapd build is linked to. For example,
the TLSProtocolMin parameter has no effect when slapd is linked to GnuTLS.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>