Hi Quanah
Thanks for the recommendation. I'm confused, then, that the official openldap.org documentation at https://www.openldap.org/doc/admin26/tls.html does NOT suggest use of cn=config. Can someone explain why?
Thanks tl
-----Original Message-----
From: Quanah Gibson-Mount quanah@fast-mail.org
Sent: Monday, May 15, 2023 2:00 PM
To: Lemons, Terry
Cc: openldap-technical@openldap.org
Subject: RE: Debugging TLS negotiation failure
--On Monday, May 15, 2023 6:25 PM +0000 "Lemons, Terry" Terry.Lemons@dell.com wrote:
> So, have most/all of my TLS problems been because I'm not using the correct command to start slapd?
> Here is the command I've been using:
> /usr/local/libexec/slapd -F /usr/local/etc/slapd.d -s 1 -h "ldap:/// ldaps:///"
> What command should I use if I want slapd to read the TLS values from /usr/local/etc/openldap/slapd.conf?
slapd.conf is the historic method of configuring OpenLDAP. General best advice these days is to use cn=config. I would suggest you familiarize yourself with how to use cn=config rather than change to using slapd.conf.
--Quanah
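
Added example, not part of the original thread and not OpenLDAP project code: a slapd started with -F reads its settings from the cn=config directory, so TLS directives kept in a slapd.conf have to be carried over as olcTLS* attributes on cn=config. The sketch below does that translation into a single modify LDIF; the sample file contents and certificate paths are constructed, and the result would be applied with ldapmodify by an identity allowed to write cn=config.

```python
# Added example: translate TLS directives from a slapd.conf into one
# ldapmodify LDIF against cn=config. Sample paths below are constructed.
TLS_MAP = {  # slapd.conf directive (lower-cased) -> cn=config attribute
    "tlscacertificatefile": "olcTLSCACertificateFile",
    "tlscacertificatepath": "olcTLSCACertificatePath",
    "tlscertificatefile": "olcTLSCertificateFile",
    "tlscertificatekeyfile": "olcTLSCertificateKeyFile",
    "tlsciphersuite": "olcTLSCipherSuite",
    "tlsprotocolmin": "olcTLSProtocolMin",
    "tlsverifyclient": "olcTLSVerifyClient",
}

def tls_settings(conf_text):
    """Return [(olcAttr, value)] for TLS directives found in slapd.conf text."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(None, 1)
        attr = TLS_MAP.get(parts[0].lower())  # directive names are case-insensitive
        if attr and len(parts) == 2:
            found.append((attr, parts[1].strip().strip('"')))
    return found

def to_ldif(settings):
    """Build one modify operation so certificate and key change together."""
    if not settings:
        return ""
    ops = [f"replace: {a}\n{a}: {v}" for a, v in settings]
    return "dn: cn=config\nchangetype: modify\n" + "\n-\n".join(ops) + "\n"

SAMPLE_CONF = """\
# constructed sample, not the poster's file
include /usr/local/etc/openldap/schema/core.schema
TLSCACertificateFile /usr/local/etc/openldap/certs/ca.pem
TLSCertificateFile "/usr/local/etc/openldap/certs/server.pem"
tlscertificatekeyfile /usr/local/etc/openldap/certs/server.key
TLSVerifyClient never
"""

if __name__ == "__main__":
    print(to_ldif(tls_settings(SAMPLE_CONF)), end="")
```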