I ran the command "slapd -d 16383" and attached is the output of the same in
case it may prove to be useful.
In this output, ldap-company.com.crt is server.crt as defined in in my
earlier mails. I have changed it to try some luck, but it was fruitless.
On Mon, Jul 13, 2009 at 10:55 AM, Asimananda Mohanty <
I created the certificates following the procedure defined in
I created a CA and signed the certificate as defined the steps.
The ownership is of openldap:openldap for cacert.pem and server.crt and
openldap:ssl-cert for server.key.
rwx permission is 644 for all the three.
Thanks for the reply.
On Fri, Jul 10, 2009 at 7:47 PM, Matt Kassawara <battery(a)writeme.com>wrote:
> How did you create the certificates? Can slapd read them?
> On Fri, Jul 10, 2009 at 5:00 AM, Asimananda Mohanty <
> asimananda.mohanty(a)gmail.com> wrote:
>> Hi All,
>> I am currently busy configuring OpenLdap on my newly installed Ubuntu
>> Here is what I have done till now.
>> I followed the steps defined in
>> installation was successful. I installed PhpLdapAdmin also.
>> After I created certificate, key etc, I created a .ldif file
>> (enable-ca.ldif) with the following content :
>> *dn: cn=config
>> add: olcTLSCACertificateFile
>> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
>> add: olcTLSCertificateFile
>> olcTLSCertificateFile: /etc/ssl/certs/server.crt
>> add: olcTLSCertificateKeyFile
>> olcTLSCertificateKeyFile: /etc/ssl/private/server.key*
>> Then I executed the command :
>> *ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif*
>> and it was a success.
>> But after this, when I tried to restart slapd, I got errors like the
>> following :
>> *main: TLS init def ctx failed: -1*
>> I noticed that after I executed "ldapmodify -D
"cn=admin,cn=config" -x -w
>> 12345678 -f enable-ca.ldif", 3 lines are added to
>> and when I commented the last two lines like the following, slapd started
>> *olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
>> #olcTLSCertificateFile: /etc/ssl/certs/server.crt
>> #olcTLSCertificateKeyFile: /etc/ssl/private/server.key*
>> This looks quite strange.
>> Please help me resolving the same.