4:04 a.m.
Hi,
the internet is full of "tips" to solve the above problem. I'm pulling my
hairs and can not find the real issue since days. any help is greatly
appreciated.
--------- enable_ssl.ldiff ---------------
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
--------- enable_ssl.ldiff ---------------
# ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
-rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
-rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key
# openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# head -n2 /etc/ldap/cert.pem
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
# head -n2 /etc/ldap/key.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
# ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
add olcTLSCertificateKeyFile:
/etc/ldap/key.key
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
I can however modify other values like *olcLogLevel* without problems.
Debian 10 latest:
2.4.47+dfsg-3+deb10u6
# slapd -VVV
@(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
Debian OpenLDAP Maintainers <pkg-openldap-devel(a)lists.alioth.debian.org>
Included static backends:
config
ldif
Stefan.
8:42 a.m.
Stefan Bauer wrote:
Hi,
the internet is full of "tips" to solve the above problem. I'm pulling my
hairs and can not find the real issue since days. any help is greatly appreciated.
Do the change as a single operation:
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
--------- enable_ssl.ldiff ---------------
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
--------- enable_ssl.ldiff ---------------
# ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
-rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
-rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key
# openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
(stdin)= 45b4165df200817a20857fb453acd33e
# head -n2 /etc/ldap/cert.pem
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
# head -n2 /etc/ldap/key.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
# ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
add olcTLSCertificateKeyFile:
/etc/ldap/key.key
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
I can however modify other values like /olcLogLevel/ without problems.
Debian 10 latest:
2.4.47+dfsg-3+deb10u6
# slapd -VVV
@(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
Debian OpenLDAP Maintainers <pkg-openldap-devel(a)lists.alioth.debian.org
<mailto:pkg-openldap-devel@lists.alioth.debian.org>>
Included static backends:
config
ldif
Stefan.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1:37 p.m.
Thank you. That did the trick. many thanks Howard!
Stefan
Am Freitag, 5. März 2021 schrieb Howard Chu <hyc(a)symas.com>:
Stefan Bauer wrote:
> Hi,
>
> the internet is full of "tips" to solve the above problem. I'm
pulling
my hairs and can not find the real issue since days. any help is greatly
appreciated.
Do the change as a single operation:
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
>
> --------- enable_ssl.ldiff ---------------
> dn: cn=config
> changetype: modify
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ldap/key.key
>
> dn: cn=config
> changetype: modify
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ldap/cert.pem
> --------- enable_ssl.ldiff ---------------
>
> # ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
> -rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
> -rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key
>
> # openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
> (stdin)= 45b4165df200817a20857fb453acd33e
> # openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
> (stdin)= 45b4165df200817a20857fb453acd33e
>
> # head -n2 /etc/ldap/cert.pem
> -----BEGIN CERTIFICATE-----
> MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
> # head -n2 /etc/ldap/key.key
> -----BEGIN RSA PRIVATE KEY-----
> MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
>
>
> ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
>
> # ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
> ldap_initialize( ldapi:///??base )
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> add olcTLSCertificateKeyFile:
> /etc/ldap/key.key
> modifying entry "cn=config"
> ldap_modify: Other (e.g., implementation specific) error (80)
>
> I can however modify other values like /olcLogLevel/ without problems.
>
> Debian 10 latest:
> 2.4.47+dfsg-3+deb10u6
> # slapd -VVV
> @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
> Debian OpenLDAP Maintainers <pkg-openldap-devel(a)lists.alioth.debian.org
<mailto:pkg-openldap-devel@lists.alioth.debian.org>>
>
> Included static backends:
> config
> ldif
>
> Stefan.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1008
days inactive
1009
days old
openldap-technical@openldap.org
2 comments
2 participants
participants (2)
-
Howard Chu -
Stefan Bauer