Stefan Bauer wrote:
Hi,
the internet is full of "tips" to solve the above problem. I'm pulling my hair out and have been unable to find the real issue for days. Any help is greatly appreciated.
Do the change as a single operation:
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
--------- enable_ssl.ldiff ---------------
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
--------- enable_ssl.ldiff ---------------
# ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
-rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
-rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key

# openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e

# head -n2 /etc/ldap/cert.pem
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
# head -n2 /etc/ldap/key.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
# ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
add olcTLSCertificateKeyFile: /etc/ldap/key.key
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
I can however modify other values like /olcLogLevel/ without problems.
Debian 10 latest: 2.4.47+dfsg-3+deb10u6
# slapd -VVV
@(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
Included static backends: config ldif
Stefan.
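The advice to make the change as a single operation can be checked before running ldapmodify. The following is an added example, not part of the original thread: a small Python lint that parses LDIF change records and flags any modify record touching only one of olcTLSCertificateKeyFile and olcTLSCertificateFile. The function and constant names are this example's own; the sample inputs are the two LDIF variants quoted above.

```python
"""Lint LDIF change records: flag a TLS key or certificate modified on its own."""
import sys

TLS_PAIR = {"olctlscertificatefile", "olctlscertificatekeyfile"}
# Sample inputs: the two LDIF variants from the thread (names are this example's own).
HEAD = "dn: cn=config\nchangetype: modify\n"
KEY = "add: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: /etc/ldap/key.key\n"
CERT = "add: olcTLSCertificateFile\nolcTLSCertificateFile: /etc/ldap/cert.pem\n"
SPLIT_LDIF = HEAD + KEY + "\n" + HEAD + CERT      # two records, as in enable_ssl.ldif
SINGLE_LDIF = HEAD + KEY + "-\n" + CERT           # one record, "-" separates the adds

def parse_records(text):
    """Yield (dn, changetype, [attributes named by add:/replace:/delete:]) per record."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" ") and (lines or in_comment):   # folded continuation line
            if not in_comment:
                lines[-1] += raw[1:]
        else:
            in_comment = raw.startswith("#")
            if not in_comment:
                lines.append(raw)
    record = []
    for line in lines + [""]:                 # the trailing "" flushes the last record
        if line.strip():
            record.append(line.split(":", 1))
        elif record:
            f = [(kv[0].strip().lower(), kv[1].strip()) for kv in record if len(kv) == 2]
            dn = next((v for k, v in f if k == "dn"), None)
            ctype = next((v.lower() for k, v in f if k == "changetype"), "add")
            yield dn, ctype, [v.lower() for k, v in f if k in ("add", "replace", "delete")]
            record = []

def split_tls_records(text):
    """Return (record number, dn, attribute) for modify records touching one of the pair."""
    out = []
    for n, (dn, ctype, ops) in enumerate(parse_records(text), 1):
        touched = TLS_PAIR & set(ops)
        if ctype == "modify" and len(touched) == 1:
            out.append((n, dn, touched.pop()))
    return out

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SPLIT_LDIF
    for n, dn, attr in split_tls_records(text):
        print(f"record {n} ({dn}): {attr} is changed without its counterpart")
```

Run with the path of an LDIF file as the only argument; with no argument it reports on the two-record variant.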