Hello, I'm trying to set up OpenLDAP for network authentication of both FreeBSD and Linux machines, as well as integrating a Samba PDC. I've created a CA with the instructions found at:
http://sial.org/howto/openssl/ca/
I've added the appropriate options to slapd.conf for TLS, as I don't want passwords going around in the clear. Slapd starts fine with the TLS options added, but if I do an ldapsearch -Z I get a "can't contact LDAP server".
ldapsearch:

# extended LDIF
#
# LDAPv3
# base <dc=davemehler,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 13 Confidentiality required
text: confidentiality required

# numResponses: 1
I assume this is normal, but the below is what I'm getting with ldapsearch -Z:

ldapsearch -Z:
ldap_start_tls: Connect error (-11)
ldap_result: Can't contact LDAP server (-1)
Here are the TLS options I'm using:

slapd.conf:
security ssf=128
TLSCipherSuite HIGH
TLSCertificateFile /usr/local/etc/openldap/tls/ldap.davemehler.com.crt
TLSCertificateKeyFile /usr/local/etc/openldap/tls/ldap.davemehler.com.key
TLSCACertificateFile /usr/local/etc/openldap/tls/ca-cert.pem
#TLSDHParamFile
I'm not sure what that last file is or how to make it, is it critical?
/usr/local/etc/ldap.conf:
ssl start_tls
tls_cacert /usr/local/etc/openldap/tls/ca-cert.pem
Checking /var/log/debug.log I'm seeing an error "confidentiality required", as if LDAP can't read the key, but as I said it's mode 644. Here's the complete transaction:

Jan 27 15:20:04 ldap slapd[73647]: conn=6 fd=10 ACCEPT from IP=192.168.0.203:51704 (IP=0.0.0.0:389)
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=0 BIND dn="" method=128
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=0 RESULT tag=97 err=0 text=
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=1 SRCH base="dc=davemehler,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup))"
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=1 SEARCH RESULT tag=101 err=13 nentries=0 text=confidentiality required
Jan 27 15:20:04 ldap slapd[73647]: conn=6 fd=10 closed (connection lost)
Any help appreciated. Thanks. Dave.
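An added example (not part of the original post, and not OpenLDAP's own tooling) that reads the kind of slapd stats log quoted above and shows, per connection, whether TLS was ever established and which operations were refused with err=13 (confidentialityRequired, the result code `security ssf=128` produces for a plaintext session). The conn=6 lines are the transaction from the post; the conn=7 lines, and the `STARTTLS` / `TLS established tls_ssf=... ssf=...` line formats, are constructed by me to show what a successful StartTLS session looks like and are an assumption about OpenLDAP's log format, not something taken from the post.

```python
import re
from collections import defaultdict

# Sample log. conn=6 is the transaction quoted in the post; conn=7 is a
# constructed connection that completed StartTLS before searching. The
# STARTTLS and "TLS established" line formats are assumed, not from the post.
SAMPLE_LOG = """\
Jan 27 15:20:04 ldap slapd[73647]: conn=6 fd=10 ACCEPT from IP=192.168.0.203:51704 (IP=0.0.0.0:389)
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=0 BIND dn="" method=128
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=0 RESULT tag=97 err=0 text=
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=1 SRCH base="dc=davemehler,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup))"
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Jan 27 15:20:04 ldap slapd[73647]: conn=6 op=1 SEARCH RESULT tag=101 err=13 nentries=0 text=confidentiality required
Jan 27 15:20:04 ldap slapd[73647]: conn=6 fd=10 closed (connection lost)
Jan 27 15:21:10 ldap slapd[73647]: conn=7 fd=11 ACCEPT from IP=192.168.0.204:40122 (IP=0.0.0.0:389)
Jan 27 15:21:10 ldap slapd[73647]: conn=7 op=0 STARTTLS
Jan 27 15:21:10 ldap slapd[73647]: conn=7 op=0 RESULT oid= err=0 text=
Jan 27 15:21:10 ldap slapd[73647]: conn=7 fd=11 TLS established tls_ssf=256 ssf=256
Jan 27 15:21:10 ldap slapd[73647]: conn=7 op=1 BIND dn="" method=128
Jan 27 15:21:10 ldap slapd[73647]: conn=7 op=1 RESULT tag=97 err=0 text=
Jan 27 15:21:10 ldap slapd[73647]: conn=7 op=2 SRCH base="dc=davemehler,dc=com" scope=2 deref=0 filter="(objectClass=posixGroup)"
Jan 27 15:21:10 ldap slapd[73647]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=3 text=
Jan 27 15:21:10 ldap slapd[73647]: conn=7 fd=11 closed
"""

CONN_RE = re.compile(r"conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>[\d.]+):\d+")
TLS_RE = re.compile(r"TLS established tls_ssf=(?P<tls_ssf>\d+) ssf=(?P<ssf>\d+)")
# Matches both "op=N RESULT ... err=E" and "op=N SEARCH RESULT ... err=E".
RESULT_RE = re.compile(r"op=(?P<op>\d+) (?:SEARCH )?RESULT .*?err=(?P<err>\d+)")

CONFIDENTIALITY_REQUIRED = 13  # LDAP result code behind "confidentiality required"


def analyse(log_text, required_ssf=128):
    """Summarise each connection in a slapd stats log.

    required_ssf mirrors the 'security ssf=' line in slapd.conf. For every
    conn=N the summary records the client IP, the security strength factor
    the server reported once TLS was established (0 if it never was), whether
    that meets the configured floor, and the op numbers refused with err=13.
    """
    conns = defaultdict(lambda: {"ip": None, "tls_ssf": 0, "err13_ops": []})
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        entry = conns[m.group("conn")]
        rest = m.group("rest")
        accept = ACCEPT_RE.search(rest)
        if accept:
            entry["ip"] = accept.group("ip")
            continue
        tls = TLS_RE.search(rest)
        if tls:
            entry["tls_ssf"] = int(tls.group("ssf"))
            continue
        result = RESULT_RE.search(rest)
        if result and int(result.group("err")) == CONFIDENTIALITY_REQUIRED:
            entry["err13_ops"].append(int(result.group("op")))
    for entry in conns.values():
        entry["meets_ssf"] = entry["tls_ssf"] >= required_ssf
    return dict(conns)


def plaintext_refusals(summary):
    """Connections that were refused with err=13 without ever negotiating TLS.

    These are exactly the clients whose ldap.conf / client flags did not turn
    on StartTLS (or whose StartTLS failed) against a server with a ssf floor.
    """
    return sorted(c for c, e in summary.items()
                  if e["err13_ops"] and e["tls_ssf"] == 0)


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for conn_id, e in report.items():
        print(f"conn={conn_id} ip={e['ip']} tls_ssf={e['tls_ssf']} "
              f"meets_ssf={e['meets_ssf']} err13_ops={e['err13_ops']}")
    print("plaintext refusals:", plaintext_refusals(report))
```

Run against the quoted transaction, conn=6 shows the pattern the post describes: an ACCEPT on port 389, an anonymous BIND that succeeds, and then a SEARCH RESULT err=13 with no "TLS established" line in between. That is the server enforcing `security ssf=128`, not a key-file permission problem; the key and certificate only come into play once a client actually sends StartTLS, which is the step that fails with the separate "Connect error (-11)" in the `ldapsearch -Z` output.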