Sorry for the spelling mistake
using /usr/local/libexec/slapd -s 256 -h "ldaps:///"
And getting the error "daemon: TLS not supported (ldaps:///)" is syslog, I have searched mailing list, the one possible reason mentioned was "openldap is not compiled with TLS support" but I have verified this using ldd.
ldd /usr/local/libexec/slapd linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so => /usr/lib/libdb-4.7.so (0x00007f80960b4000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000)
I'm not sure whether the problem in certificates could be the reason for this. In my slapd.conf I've following lines related to TLS.
TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt TLSCertificateFile /usr/local/etc/openldap/slapd.pem TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem
Regards,
Meghanand N. Acharekar
On Tue, May 10, 2011 at 8:50 PM, Quanah Gibson-Mount quanah@zimbra.comwrote:
--On Tuesday, May 10, 2011 4:56 PM +0530 Meghanand Acharekar < vasco.debian@gmail.com> wrote:
using /usr/local/libexec/slapd -s 256 -h "ldap:///"
daemon: TLS not supported (ldaps:///)
You didn't tell slapd to start with ldaps:///, you told it to start with ldap:///. What exactly is the question?
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
Meghanand Acharekar wrote:
Sorry for the spelling mistake
using /usr/local/libexec/slapd -s 256 -h "ldaps:///"
And getting the error "daemon: TLS not supported (ldaps:///)" is syslog, I have searched mailing list, the one possible reason mentioned was "openldap is not compiled with TLS support" but I have verified this using ldd.
What you have verified here is that slapd is not linked with any SSL/TLS library, so most probably, was not compiled with TLS support.
ldd /usr/local/libexec/slapd linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so http://libdb-4.7.so/ => /usr/lib/libdb-4.7.so http://libdb-4.7.so/ (0x00007f80960b4000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000)
I'm not sure whether the problem in certificates could be the reason for this. In my slapd.conf I've following lines related to TLS.
TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt TLSCertificateFile /usr/local/etc/openldap/slapd.pem TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem
Thanks for pointing that out, I've verified it at all.
Regards,
Meghanand N. Acharekar
On Wed, May 11, 2011 at 1:00 PM, Howard Chu hyc@symas.com wrote:
Meghanand Acharekar wrote:
Sorry for the spelling mistake
using /usr/local/libexec/slapd -s 256 -h "ldaps:///"
And getting the error "daemon: TLS not supported (ldaps:///)" is syslog, I have searched mailing list, the one possible reason mentioned was "openldap is not compiled with TLS support" but I have verified this using ldd.
What you have verified here is that slapd is not linked with any SSL/TLS library, so most probably, was not compiled with TLS support.
ldd /usr/local/libexec/slapd
linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so http://libdb-4.7.so/ => /usr/lib/libdb-4.7.so http://libdb-4.7.so/ (0x00007f80960b4000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000)
I'm not sure whether the problem in certificates could be the reason for this. In my slapd.conf I've following lines related to TLS.
TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt TLSCertificateFile /usr/local/etc/openldap/slapd.pem TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Recompiled with --with-tls=gnutls Now working fine, also verified
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007fa3b2b54000)
in ldd /usr/local/libexec/slapd
Thanks for the help
Regards, Meghanand N. Acharekar
On Wed, May 11, 2011 at 3:37 PM, Meghanand Acharekar <vasco.debian@gmail.com
wrote:
Thanks for pointing that out, I've verified it at all.
Regards,
Meghanand N. Acharekar
On Wed, May 11, 2011 at 1:00 PM, Howard Chu hyc@symas.com wrote:
Meghanand Acharekar wrote:
Sorry for the spelling mistake
using /usr/local/libexec/slapd -s 256 -h "ldaps:///"
And getting the error "daemon: TLS not supported (ldaps:///)" is syslog, I have searched mailing list, the one possible reason mentioned was "openldap is not compiled with TLS support" but I have verified this using ldd.
What you have verified here is that slapd is not linked with any SSL/TLS library, so most probably, was not compiled with TLS support.
ldd /usr/local/libexec/slapd
linux-vdso.so.1 => (0x00007fff1f7ff000) libdb-4.7.so http://libdb-4.7.so/ => /usr/lib/libdb-4.7.so http://libdb-4.7.so/ (0x00007f80960b4000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f8095e98000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f8095c7e000) libdl.so.2 => /lib/libdl.so.2 (0x00007f8095a7a000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f8095843000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f809562c000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f8095423000) libc.so.6 => /lib/libc.so.6 (0x00007f80950c2000) /lib64/ld-linux-x86-64.so.2 (0x00007f8096428000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f8094ea9000)
I'm not sure whether the problem in certificates could be the reason for this. In my slapd.conf I've following lines related to TLS.
TLSCACertificateFile /usr/local/etc/openldap/ca-bundle.crt TLSCertificateFile /usr/local/etc/openldap/slapd.pem TLSCertificateKeyFile /usr/local/etc/openldap/slapd.pem
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
openldap-technical@openldap.org