How did you create the certificates? Can slapd read them?
On Fri, Jul 10, 2009 at 5:00 AM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi All,
I am currently busy configuring OpenLDAP on my newly installed Ubuntu 9.04.
Here is what I have done till now.
I followed the steps defined in https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html and the installation was successful. I installed phpLDAPadmin also.
After I created the certificate, key, etc., I created an .ldif file (enable-ca.ldif) with the following content:
    dn: cn=config
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ssl/certs/server.crt
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/ssl/private/server.key
Then I executed the command:
    ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif
and it was a success.
But after this, when I tried to restart slapd, I got errors like the following:
    main: TLS init def ctx failed: -1
I noticed that after I executed "ldapmodify -D "cn=admin,cn=config" -x -w 12345678 -f enable-ca.ldif", 3 lines were added to /etc/ldap/slapd.d/cn=config.ldif, and when I commented out the last two lines as follows, slapd started successfully.
    olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
    #olcTLSCertificateFile: /etc/ssl/certs/server.crt
    #olcTLSCertificateKeyFile: /etc/ssl/private/server.key
This looks quite strange.
Please help me resolve this.
-Asimananda
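
The reply's second question, whether slapd can read the files, can be checked from the permission bits on each file and on every directory above it. The script below is an added example, not part of the thread: the account name `openldap` in the usage comment is an assumption (pass whatever user your slapd runs as), it needs GNU `stat`, and it evaluates mode bits only, not ACLs or AppArmor.

```shell
#!/bin/sh
# Added example, not from the thread. Mode bits only: ACLs and AppArmor are
# ignored and uid 0 is not special-cased. Requires GNU stat.
# Usage (user name is an assumption; paths are the ones in the LDIF above):
#   sh check.sh openldap /etc/ssl/certs/cacert.pem /etc/ssl/certs/server.crt \
#      /etc/ssl/private/server.key

# allows UID "GID ..." PATH BIT: succeed if PATH grants BIT (4=read, 1=search)
allows() {
    a_uid=$1 a_gids=$2 a_bit=$4
    a_st=$(stat -L -c '%a %u %g' "$3") || return 2
    set -- $a_st                       # $1=octal mode, $2=owner uid, $3=group gid
    a_mode=$((0$1))
    if [ "$a_uid" = "$2" ]; then
        a_cls=$(( (a_mode >> 6) & 7 )) # owner class
    else
        a_cls=$(( a_mode & 7 ))        # other class unless a group matches
        for g in $a_gids; do
            if [ "$g" = "$3" ]; then a_cls=$(( (a_mode >> 3) & 7 )); fi
        done
    fi
    [ $(( a_cls & a_bit )) -ne 0 ]
}

# reachable UID "GID ..." FILE: search bit on each parent dir, read bit on FILE
reachable() {
    r_dir=$(dirname "$3")
    while :; do
        allows "$1" "$2" "$r_dir" 1 || { echo "blocked at directory $r_dir"; return 1; }
        case $r_dir in /|.) break ;; esac
        r_dir=$(dirname "$r_dir")
    done
    allows "$1" "$2" "$3" 4 || { echo "no read permission on $3"; return 1; }
}

# check_slapd_tls USER FILE...: report each file as seen by USER
check_slapd_tls() {
    c_user=$1; shift
    c_uid=$(id -u "$c_user") || return 2
    c_gids=$(id -G "$c_user")
    c_rc=0
    for f in "$@"; do
        if c_msg=$(reachable "$c_uid" "$c_gids" "$f"); then echo "ok: $f"
        else echo "FAIL: $c_msg"; c_rc=1; fi
    done
    return $c_rc
}

if [ $# -gt 0 ]; then check_slapd_tls "$@"; fi
```

A "blocked at directory" result for the key file points at the parent directory's mode rather than the key's own permissions.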