Thanks for pointing that out, I've verified it at all.

Regards,

Meghanand N. Acharekar

On Wed, May 11, 2011 at 1:00 PM, Howard Chu <hyc@symas.com> wrote:

Meghanand Acharekar wrote:

Sorry for the spelling mistake

using /usr/local/libexec/slapd -s 256 -h "ldaps:///"

And getting the error "daemon: TLS not supported (ldaps:///)" is syslog,
I have searched mailing list, the one possible reason mentioned was "openldap
is not compiled with TLS support" but I have verified this using ldd.

What you have verified here is that slapd is not linked with any SSL/TLS library, so most probably, was not compiled with TLS support.

ldd /usr/local/libexec/slapd
linux-vdso.so.1 =>  (0x00007fff1f7ff000)

libdb-4.7.so <http://libdb-4.7.so/> => /usr/lib/libdb-4.7.so
<http://libdb-4.7.so/> (0x00007f80960b4000)

libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000)
libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000)
libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8096428000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000)

I'm not sure whether the problem in certificates could be the reason for this.
In my slapd.conf I've following lines related to TLS.

TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt
TLSCertificateFile /usr/local/etc/openldap/slapd.pem
TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem

--
 -- Howard Chu
 CTO, Symas Corp.           http://www.symas.com
 Director, Highland Sun     http://highlandsun.com/hyc/
 Chief Architect, OpenLDAP  http://www.openldap.org/project/