Hi,
I wanted to activate the TLS / SSL encryption for my OpenLDAP server. After I created the certificates and wanted to paste the information into the backend, I got the following error message:
...
root@dsme01:~# ldapadd -x -D cn=admin,cn=config -W -f /etc/ldap/tls.ldif
Enter LDAP Password:
modifying entry "cn=config"
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
...
The first entry was accepted. But not the second and third. Here is my ldif file:
...
root@dsme01:~# cat /etc/ldap/tls.ldif
###########################################################
# CONFIGURATION for Support of TLS
###########################################################
# Add TLS supported access to user passwords for LDAP clients
# to the LDAP config.
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ManagementCA.cacert.pem

dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/ldap.intern.example.com.key.pem

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/ldap.intern.example.com.crt.pem
...
I have saved the files as follows and given them rights.
...
root@dsme01:~# ls -la /etc/ssl/private | grep ldap.
-rw------- 1 openldap openldap 1675 Feb 25 08:12 ldap.intern.example.com.key.pam
...
root@dsme01:~# ls -la /etc/ssl/certs | grep ldap.
-rw------- 1 openldap openldap 1424 Feb 25 08:13 ldap.intern.example.com.crt.pem
-rw------- 1 openldap openldap 1330 Feb 25 09:00 ManagementCA.cacert.pem
...
Why am I not getting the key and cert file added?
How do I get the olcTLSCACertificateFile deleted again?
Thank you for your help.
Greetings from Stefan Harbich
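
A pre-flight check for the file paths this LDIF hands to slapd, as an added example that is not part of the original post: it lists every `olcTLS*File` path in the LDIF that the calling user cannot read. The sample tree is constructed from the file names shown in the post's LDIF and directory listings, and the optional root-prefix argument is an assumption made so the check can run against that sample.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print every file path that an olcTLS*File attribute in the LDIF refers to.
tls_ldif_paths() {
    sed -n 's/^olcTLS[A-Za-z]*File:[[:space:]]*//p' "$1"
}

# Print the referenced paths that are not readable; exit status 1 if any.
# $2 is a hypothetical root prefix so the check can run against sample data.
missing_tls_files() {
    rc=0
    for p in $(tls_ldif_paths "$1"); do
        [ -r "${2:-}$p" ] || { echo "$p"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: same file names as the listings and LDIF in the post.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssl/private" "$d/etc/ssl/certs"
    : > "$d/etc/ssl/private/ldap.intern.example.com.key.pam"
    : > "$d/etc/ssl/certs/ldap.intern.example.com.crt.pem"
    : > "$d/etc/ssl/certs/ManagementCA.cacert.pem"
    cat > "$d/tls.ldif" <<'EOF'
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/ManagementCA.cacert.pem

dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/ldap.intern.example.com.key.pem

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/ldap.intern.example.com.crt.pem
EOF
    echo "$d"
}

d=$(make_sample)
echo "not readable:"; missing_tls_files "$d/tls.ldif" "$d" || true
rm -rf "$d"
```

On the server, call `missing_tls_files /etc/ldap/tls.ldif` as the `openldap` user, because readability is tested for the calling user and root can read everything.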