Hi,
I ran the command "slapd -d 16383" and attached is the output of the same in
case it may prove to be useful.
In this output, ldap-company.com.crt is server.crt as defined in my
earlier mails. I have changed it to try some luck, but it was fruitless.
-Asimananda
On Mon, Jul 13, 2009 at 10:55 AM, Asimananda Mohanty <asimananda.mohanty(a)gmail.com> wrote:
Hi Matt,
I created the certificates following the procedure defined in
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
I created a CA and signed the certificate as defined in the steps.
The ownership is of openldap:openldap for cacert.pem and server.crt and
openldap:ssl-cert for server.key.
rwx permission is 644 for all the three.
Thanks for the reply.
-Asimananda
On Fri, Jul 10, 2009 at 7:47 PM, Matt Kassawara <battery(a)writeme.com> wrote:
> How did you create the certificates? Can slapd read them?
>
>
> On Fri, Jul 10, 2009 at 5:00 AM, Asimananda Mohanty <asimananda.mohanty(a)gmail.com> wrote:
>
>> Hi All,
>>
>> I am currently busy configuring OpenLdap on my newly installed Ubuntu
>> 9.04.
>>
>> Here is what I have done till now.
>>
>> I followed the steps defined in
>> https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html and
>> installation was successful. I installed PhpLdapAdmin also.
>>
>> After I created certificate, key etc, I created a .ldif file
>> (enable-ca.ldif) with the following content :
>>
>> dn: cn=config
>> add: olcTLSCACertificateFile
>> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
>> -
>> add: olcTLSCertificateFile
>> olcTLSCertificateFile: /etc/ssl/certs/server.crt
>> -
>> add: olcTLSCertificateKeyFile
>> olcTLSCertificateKeyFile: /etc/ssl/private/server.key
>>
>> Then I executed the command :
>>
>> ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif
>>
>> and it was a success.
>>
>> But after this, when I tried to restart slapd, I got errors like the
>> following :
>>
>> main: TLS init def ctx failed: -1
>>
>> I noticed that after I executed "ldapmodify -D "cn=admin,cn=config" -x -w
>> 12345678 -f enable-ca.ldif", 3 lines are added to /etc/ldap/slapd.d/cn=config.ldif
>> and when I commented the last two lines like the following, slapd started
>> successfully.
>>
>> olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
>> #olcTLSCertificateFile: /etc/ssl/certs/server.crt
>> #olcTLSCertificateKeyFile: /etc/ssl/private/server.key
>>
>> This looks quite strange.
>>
>> Please help me resolve the same.
>>
>> -Asimananda
>>
>
>
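Matt's question "Can slapd read them?" is the check worth automating before touching cn=config. The script below is an added example, not code from this thread or from OpenLDAP: it pulls the olcTLS*File paths out of an LDIF fragment such as enable-ca.ldif and, from stat permission bits alone, reports whether an unprivileged slapd account (its uid and group ids are parameters you supply, e.g. those of the openldap user) could open each file, remembering that reading a file also needs search permission on every directory leading to it; it also flags a private key that is world-readable, as the 644 described above would be. make_demo_tree is a constructed fixture with placeholder files, not real certificate material.

```python
import os
import re
import tempfile

TLS_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile", "olcTLSCertificateKeyFile")

def tls_files(ldif_text):
    """Return {attribute: path} for the TLS file attributes in an LDIF fragment."""
    found = {}
    for line in ldif_text.splitlines():
        m = re.match(r"^(olcTLS\w+File):\s*(\S+)\s*$", line)
        if m and m.group(1) in TLS_ATTRS:
            found[m.group(1)] = m.group(2)
    return found

def _bits(st, uid, gids):
    """Owner, group or other rwx triplet of st that applies to user (uid, gids)."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    return (st.st_mode >> 3) & 7 if st.st_gid in gids else st.st_mode & 7

def can_read(path, uid, gids):
    """Could unprivileged (uid, gids) open path? Needs x on every parent dir, r on the file."""
    parts = os.path.abspath(path).split(os.sep)
    checks = [(os.sep.join(parts[:i + 1]), 1) for i in range(1, len(parts) - 1)] + [(path, 4)]
    try:
        return all(_bits(os.stat(p), uid, gids) & bit for p, bit in checks)
    except OSError:  # file or a parent directory is missing or cannot be stat'ed
        return False

def audit(ldif_text, uid, gids):
    """Map each TLS file attribute to a finding for the slapd user (uid, gids)."""
    report = {}
    for attr, path in tls_files(ldif_text).items():
        if not can_read(path, uid, gids):
            report[attr] = "unreadable by slapd"
        elif attr == "olcTLSCertificateKeyFile" and os.stat(path).st_mode & 0o004:
            report[attr] = "readable, but private key is world-readable"
        else:
            report[attr] = "ok"
    return report

def make_demo_tree():
    """Constructed fixture: a 0700 directory holding an empty 0644 cert and key (no real PEM)."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o700)
    crt, key = os.path.join(d, "server.crt"), os.path.join(d, "server.key")
    for p in (crt, key):
        open(p, "w").close()
        os.chmod(p, 0o644)
    return "olcTLSCertificateFile: %s\nolcTLSCertificateKeyFile: %s\n" % (crt, key)
```

Run it with the real cn=config.ldif and the uid and gids of the account slapd runs as; an "unreadable by slapd" line on the key file points at the directory or file permissions rather than at the LDIF.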