Hey ldap folks!
I've attempted to add TLS capabilities to my newly created LDAP server using the following document:
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3
This is how my cert files are looking in terms of ownership and permissions:
[root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
-r-------- 1 ldap root 1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
-r-------- 1 ldap root 1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
-r-------- 1 ldap root 1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
I got to the point where I'm attempting to add the configuration parameters to my ldap setup like so:
[root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key

modifying entry "cn=config"
ldap_modify: Inappropriate matching (18)
        additional info: modify/add: olcTLSCertificateFile: no equality matching rule
These are the package version numbers I have installed via yum on CentOS 6.5:
openldap-2.4.23-34.el6_5.1.x86_64
openldap-devel-2.4.23-34.el6_5.1.x86_64
openldap-servers-2.4.23-34.el6_5.1.x86_64
openldap-clients-2.4.23-34.el6_5.1.x86_64
Can anyone offer some wisdom as to why this error is happening? Or perhaps offer some better documentation on how to enable the TLS abilities of openldap?
Thanks Tim
I'm new to LDAP and I used the same documentation you followed, but here's another one... and to be honest, I didn't execute this 'ldapmodify...' http://easylinuxtutorials.blogspot.com.br/2013/11/installing-configuring-ope...
Tks, Daniel
On Wed, Feb 19, 2014 at 3:35 PM, Tim Dunphy bluethundr@gmail.com wrote:
[...]
On Wed, 19 Feb 2014 13:35:13 -0500, Tim Dunphy bluethundr@gmail.com wrote:
Hey ldap folks!
I've attempted to add TLS capabilities to my newly created LDAP server using the following document:
http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3
This is how my cert files are looking in terms of ownership and permissions:
[root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
-r-------- 1 ldap root 1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
-r-------- 1 ldap root 1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
-r-------- 1 ldap root 1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
I got to the point where I'm attempting to add the configuration parameters to my ldap setup like so:
[root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
Don't rely on third-party documentation! Read the manual pages! In particular, ldapmodify(1). You are missing the changetype attribute.
[...]
-Dieter
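An added example, not code from the thread: a small Python checker for the LDIF record Tim posted. It reports the missing `changetype: modify` that Dieter points to, flags `add:` on the two olcTLS* attributes (the error text says olcTLSCertificateFile has no equality matching rule, so slapd rejects modify/add; the same is assumed for olcTLSCertificateKeyFile), and emits a corrected record using `replace:`. The sample record and the attribute set are constructed from the thread.

```python
"""Lint a single LDIF change record for the two defects seen in the thread."""
import re

# Constructed sample: the record as typed in the thread, with no changetype line.
SAMPLE_LDIF = """dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key
"""

# Assumption: these cn=config attributes have no EQUALITY rule on this server
# version, so a modify/add is answered with "no equality matching rule" (18).
NO_EQUALITY_ATTRS = {"olcTLSCertificateFile", "olcTLSCertificateKeyFile"}

MOD_OP_RE = re.compile(r"^(add|replace|delete):\s*(\S+)\s*$", re.I)


def lint_ldif(text):
    """Return (problems, fixed_ldif) for one LDIF change record.

    problems  - list of human-readable findings (empty when the record is fine)
    fixed_ldif - the record with 'changetype: modify' inserted after the dn line
                 when it was missing, and add: turned into replace: for
                 attributes in NO_EQUALITY_ATTRS.
    """
    lines = [line.rstrip() for line in text.strip().splitlines()]
    problems = []
    has_changetype = any(line.lower().startswith("changetype:") for line in lines)
    has_mod_ops = any(MOD_OP_RE.match(line) for line in lines)
    if has_mod_ops and not has_changetype:
        problems.append("missing 'changetype: modify' before modify operations")

    fixed = []
    for line in lines:
        m = MOD_OP_RE.match(line)
        if m and m.group(1).lower() == "add" and m.group(2) in NO_EQUALITY_ATTRS:
            problems.append(f"modify/add on {m.group(2)} needs an equality "
                            "matching rule; use replace")
            line = f"replace: {m.group(2)}"
        fixed.append(line)
        # ldapmodify expects changetype directly after the dn line.
        if line.lower().startswith("dn:") and has_mod_ops and not has_changetype:
            fixed.append("changetype: modify")
    return problems, "\n".join(fixed) + "\n"


if __name__ == "__main__":
    found, corrected = lint_ldif(SAMPLE_LDIF)
    print("\n".join(found) or "no problems")
    print(corrected)
```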
openldap-technical@openldap.org