Hi, Everybody

Thanks a lot for interesting in my problem. I've fixed it. The problem was permissions. User openldap wasn't able to read /etc/ssl/certs directory.

CheerS

On Sun, Jan 8, 2017 at 10:20 AM, MrBiTs <mrbits.dcf@gmail.com> wrote:
Hello, all. Happy 2017

From the years 2009 to 2012 I've administrate as OpenLDAP cluster using SSL configurations, something like that:

backend hdb
sizelimit unlimited
allow bind_v2
concurrency 100

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile: /etc/ssl/certs/ca_server.pem
TLSCertificateFile: /etc/ssl/certs/ldap_server.pem
TLSCertificateKeyFile: /etc/ssl/private/ldap_server.key
TLSVerifyClient never

access to attrs=userPassword by anonymous auth by self write by * none
access to * by self write by * none


loglevel 3
# Database configuration

database hdb
suffix "dc=example,dc=com"

This year I'll start to admin another cluster, now installed in Ubuntu 16.04 using:

slapd/xenial-updates,now 2.4.42+dfsg-2ubuntu3.1 amd64 [installed]
  OpenLDAP server (slapd)

If I remove TLS directives from slapd.conf, the server runs fine but, of course, just using LDAP protocol without any kind of cryptography. Using the TLS directives, I always have the error 

/etc/ldap/slapd.conf: line 27: unknown directive <TLSCertificateFile:> outside backend info and database definitions.

I did research in Google and read man 5 slapd.conf and I GUESS directives are in the right place in slapd.conf. 

Anybody face this error recently and can help me with some tips?

Thanks in advance



--



--