I'm new to LDAP and I used the same documentation you followed, but here's another one... and to be honest, I didn't execute this 'ldapmodify...' http://easylinuxtutorials.blogspot.com.br/2013/11/installing-configuring-ope...
Tks, Daniel
On Wed, Feb 19, 2014 at 3:35 PM, Tim Dunphy <bluethundr@gmail.com> wrote:
Hey ldap folks!
I've attempted to add TLS capabilities to my newly created LDAP server using the following document:
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3
This is how my cert files are looking in terms of ownership and permissions:
[root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
-r-------- 1 ldap root 1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
-r-------- 1 ldap root 1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
-r-------- 1 ldap root 1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
I got to the point where I'm attempting to add the configuration parameters to my ldap setup like so:
[root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key

modifying entry "cn=config"
ldap_modify: Inappropriate matching (18)
        additional info: modify/add: olcTLSCertificateFile: no equality matching rule
These are the package version numbers I have installed via yum on CentOS 6.5:
openldap-2.4.23-34.el6_5.1.x86_64
openldap-devel-2.4.23-34.el6_5.1.x86_64
openldap-servers-2.4.23-34.el6_5.1.x86_64
openldap-clients-2.4.23-34.el6_5.1.x86_64
Can anyone offer some wisdom as to why this error is happening? Or perhaps offer some better documentation on how to enable the TLS abilities of openldap?
Thanks,
Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
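The error in the quoted post comes from using 'add:' on cn=config attributes that, in OpenLDAP 2.4.23, carry no equality matching rule; the usual fix is 'replace:' for those attributes. As an added example (not code from either poster), the Python below emits the replace-based LDIF for the two files in the post and pre-checks the certificate and key files the way the 'ls -l' output above is read; the temp-dir placeholder files and the use of the current uid in place of the 'ldap' user are assumptions for running it offline.

```python
import os
import stat
import tempfile

# cn=config attributes that OpenLDAP 2.4.23 defines without an equality
# matching rule: a modify with 'add:' on them is rejected with
# "Inappropriate matching (18)"; 'replace:' sets them without comparing values.
TLS_ATTRS = ("olcTLSCertificateFile", "olcTLSCertificateKeyFile")

def tls_config_ldif(cert_file, key_file):
    """LDIF for one modify of cn=config that installs the server cert and key.
    Both attributes go in the same operation so slapd re-reads a matching pair."""
    lines = ["dn: cn=config", "changetype: modify"]
    for attr, path in zip(TLS_ATTRS, (cert_file, key_file)):
        lines += [f"replace: {attr}", f"{attr}: {path}", "-"]
    return "\n".join(lines) + "\n"

def check_tls_files(cert_file, key_file, slapd_uid):
    """Pre-flight check for the layout shown by 'ls -l' in the post: slapd must
    own (or at least be able to read) both files, and the private key must carry
    no group/world bits (0400, as in the post). Returns a list of problems."""
    problems = []
    for path in (cert_file, key_file):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if st.st_uid != slapd_uid and not (st.st_mode & stat.S_IROTH):
            problems.append(f"{path}: not readable by slapd uid {slapd_uid}")
        if path == key_file and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{path}: private key is group/world accessible")
    return problems

def demo():
    """Run both helpers on constructed placeholder files in a temp dir (not real
    key material); the current uid stands in for the 'ldap' service account."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "ldap.crt"), os.path.join(d, "ldap.key")
    for p in (cert, key):
        with open(p, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(p, 0o400)
    good = check_tls_files(cert, key, os.getuid())
    os.chmod(key, 0o644)  # the mistake the check is meant to catch
    bad = check_tls_files(cert, key, os.getuid())
    missing = check_tls_files(cert, os.path.join(d, "none.key"), os.getuid())
    return tls_config_ldif(cert, key), good, bad, missing
```

Feed the LDIF to the same 'ldapmodify -Y EXTERNAL -H ldapi:///' invocation shown in the post; the two 'replace:' mods go through in one operation.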