Hi, I wanted to activate the TLS / SSL encryption for my OpenLDAP server. After I created the certificates and wanted to paste the information into the backend, I got the following error message:
```
root@dsme01:~# ldapadd -x -D cn=admin,cn=config -W -f /etc/ldap/tls.ldif
Enter LDAP Password:
modifying entry "cn=config"
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
```
The first entry was accepted. But not the second and third. Here is my ldif file:
```
root@dsme01:~# cat /etc/ldap/tls.ldif
###########################################################
# CONFIGURATION for Support of TLS
###########################################################
# Add TLS supported access to user passwords for LDAP clients
# to the LDAP config.
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ManagementCA.cacert.pem

dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/ldap.intern.example.com.key.pem

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/ldap.intern.example.com.crt.pem
```

I have saved the files as follows and given them rights.

```
root@dsme01:~# ls -la /etc/ssl/private | grep ldap.
-rw------- 1 openldap openldap 1675 Feb 25 08:12 ldap.intern.example.com.key.pam
```

```
root@dsme01:~# ls -la /etc/ssl/certs | grep ldap.
-rw------- 1 openldap openldap 1424 Feb 25 08:13 ldap.intern.example.com.crt.pem
-rw------- 1 openldap openldap 1330 Feb 25 09:00 ManagementCA.cacert.pem
```

Why am I not getting the key and cert file added? How do I get the olcTLSCACertificateFile deleted again?
Thank you for your help. Greetings from Stefan Harbich
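A pre-flight check for an LDIF like the one in the post, added here as an example and not code from the poster or from the OpenLDAP project. It parses the LDIF, collects the paths given to the olcTLS* attributes, checks that each path exists and is readable by the slapd account, and checks whether olcTLSCertificateFile and olcTLSCertificateKeyFile are applied in one modify request: slapd validates the TLS configuration when cn=config changes, so applying the key in a separate request from its certificate leaves the server with an incomplete pair and is a common way to get error 80. The sample LDIF below is constructed (it restructures the post's three entries into one, using `-` separators); the account name `openldap` is taken from the post's `ls` output.

```python
import os
import pwd
import stat

# Constructed sample: the post's three attributes applied in a single modify
# request (one dn: cn=config entry, operations separated by "-").
SAMPLE_LDIF = """dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ManagementCA.cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/ldap.intern.example.com.crt.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/ldap.intern.example.com.key.pem
"""

TLS_ATTRS = {"olcTLSCACertificateFile", "olcTLSCertificateFile",
             "olcTLSCertificateKeyFile"}


def parse_ldif(text):
    """Return a list of entries, each a list of (attr, value) pairs.

    Blank lines separate entries, '#' lines are comments, a leading space
    continues the previous value (LDIF folding), and a bare '-' is kept as
    ('-', None) so the operations inside a modify entry stay distinguishable.
    """
    entries, current = [], []
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = []
        elif line.startswith("#"):
            continue
        elif line.startswith(" ") and current:
            attr, value = current[-1]
            current[-1] = (attr, (value or "") + line[1:])
        elif line == "-":
            current.append(("-", None))
        else:
            attr, _, value = line.partition(":")
            current.append((attr.strip(), value.strip()))
    if current:
        entries.append(current)
    return entries


def tls_file_paths(entries):
    """Map each olcTLS* attribute in the LDIF to the path it is being set to."""
    return {attr: value for entry in entries for attr, value in entry
            if attr in TLS_ATTRS and value}


def cert_and_key_in_same_request(entries):
    """True if certificate and key are set within one dn: cn=config entry,
    i.e. one LDAP modify request, which is what slapd's TLS validation needs."""
    for entry in entries:
        attrs = {attr for attr, _ in entry}
        if {"olcTLSCertificateFile", "olcTLSCertificateKeyFile"} <= attrs:
            return True
    return False


def check_files(paths, owner="openldap"):
    """For each attribute, report 'missing', 'readable', 'not readable' or,
    when the owner account does not exist on this host, just 'exists'."""
    try:
        pw = pwd.getpwnam(owner)
        uid, gid = pw.pw_uid, pw.pw_gid
    except KeyError:
        uid = gid = None
    report = {}
    for attr, path in paths.items():
        if not os.path.exists(path):
            report[attr] = "missing"
            continue
        if uid is None:
            report[attr] = "exists"
            continue
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        readable = ((st.st_uid == uid and mode & stat.S_IRUSR) or
                    (st.st_gid == gid and mode & stat.S_IRGRP) or
                    mode & stat.S_IROTH)
        report[attr] = "readable" if readable else "not readable"
    return report


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print("cert and key in one request:", cert_and_key_in_same_request(entries))
    for attr, status in check_files(tls_file_paths(entries)).items():
        print(f"{attr}: {status}")
```

Run it against the real file with `parse_ldif(open('/etc/ldap/tls.ldif').read())` before calling ldapadd; a `missing` result points at a path that does not match what is on disk, and `not readable` at ownership or mode problems for the slapd account.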