Hi,
The "is not readable by "ldap"" error happens when i start ldap using /etc/rc.d/init.d/ldap restart These three lines are the source of the problem, if i remove them then no warning message on restart.
TLSCACertificateFile server.pem TLSCertificateFile server.pem TLSCertificateKeyFile server.pem
I have moved this file to /etc/openldap/cacerts and changed the above three path accordingly. I have also modified ldap.conf to have TLS_CACERT which allows me to do ldapsearch(before it was giving ssl verify problem)now with ldaps://localhost on the same sytem.
I still get this when i restart the ldap server using /etc/rc.d/init.d/ldap restart, notice the er.pem after ldap - is it not picking up the path. correctly or its a harmless warning now that ldaps is working i think it is harmless.
is not readable by "ldap"er.pem [WARNING] is not readable by "ldap"er.pem [WARNING] is not readable by "ldap"er.pem [WARNING] Checking configuration files for slapd: [ OK ] Starting slapd: [ OK ]
------------------------------------------------ Problem on windows: pLdapConnection = ldap_sslinit(pHost,LDAP_SSL_PORT, 1); // fine - connecting to 636 iRtn = ldap_set_option(pLdapConnection, LDAP_OPT_PROTOCOL_VERSION, (void*)&version); //fine
long option; printf("Checking if SSL is enabled\n"); iRtn = ldap_get_option(pLdapConnection,LDAP_OPT_SSL,(void*)&option);
Here i get returned 0 in option meaning ssl is disabled.
Also if i connect afterwards, i get 0x51(Cannot contact the LDAP server) connectSuccess = ldap_connect(pLdapConnection, NULL);
How can i use ssl based openldap authentication on windows client? Do i have to move the self signed server.pem to windows, i tried to add it to certificate store by changing server.pem to server.cer?
Regards, rui
On Wed, Jan 5, 2011 at 8:12 AM, Dieter Kluenter dieter@dkluenter.de wrote:
Am Tue, 4 Jan 2011 16:52:06 +0000 schrieb rui guideveloper@gmail.com:
Hi
I am trying to enable tls based session with openldap from a client. I created a self signed certificate based on command from http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.1 My server.pem file is in /etc/openldap directory where slapd.conf is located.
This document is not recommended
Here are further settings in my slapd.conf TLSCACertificateFile server.pem TLSCertificateFile server.pem TLSCertificateKeyFile server.pem
TLSVerifyClient never
When I restart the ldap, it gives me the following warnings. is not readable by "ldap" [WARNING] is not readable by "ldap" [WARNING] is not readable by "ldap" [WARNING] Checking configuration files for slapd: [ OK ] Starting slapd: [ OK ]
This are not slapd warnings, what is the sosurce of this result report?
I have checked the ps output and it is started as: ldap 6883 1 0 16:18 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldap:/// ldaps:///
AND netstat -anp | grep slapd tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 7850/slapd tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 7850/slapd tcp 0 0 ip:389 ip:43165 ESTABLISHED 7850/slapd tcp 0 0 :::389 :::* LISTEN 7850/slapd tcp 0 0 :::636 :::* LISTEN 7850/slapd unix 2 [ ] DGRAM 302231743 7850/slapd
And what is your problem? slapd is listening on ports 389 and 636
-Dieter
-- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E