http://www.openldap.org/doc/admin24/tls.html
And maybe something like this: https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.cmc...
-----Original Message-----
From: Dmitri Seletski [mailto:drjoms@gmail.com]
Sent: Monday 19 August 2019 21:26
To: openldap-technical@openldap.org
Subject: any working documentation?
Hello.
I am new to the list, so if you gonna beat me with your feet - please don't hit me in the face.
I did not find help/user list. So post here.
Where can I find working documentation for OpenLDAP?
Most current I found:
https://www.openldap.org/doc/admin24/quickstart.html
It says nothing of TLS encryption. I fail to start service
See output below:
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5d5af51b main: TLS init def ctx failed: -1
5d5af51b slapd destroy: freeing system resources.
5d5af51b slapd stopped.
5d5af51b connections_destroy: nothing to destroy.
Where can I submit errata to documentation maintainer? (as quick start clearly doesn't work in my default install of OpenLDAP on CentOS 7)
And how can I start SLAPD without encryption?
I can generate self signed private/public key and make ln -s of my CA cert folder to 'cacertdir = `/etc/openldap'', but this seems SOOO unnecessary. At least on 'try out' step.
Thanks in advance
Dmitri