New subject: Pre-requisites to enable SSL/TLS in OpenLDAP 2.4

24 Mar 2010


      Thanks for the reply, Dieter. Yes it seems slapd has not been built with openssl.
Here is the output of ldd:
$ ldd /usr/local/libexec/slapd
 libdb-4.8.so => /usr/local/BerkeleyDB.4.8/lib/libdb-4.8.so (0x00002ad9ac26a000)
 libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003542a00000)
 libresolv.so.2 => /lib64/libresolv.so.2 (0x000000354ba00000)
 libc.so.6 => /lib64/libc.so.6 (0x0000003541e00000)
 /lib64/ld-linux-x86-64.so.2 (0x0000003541a00000)
Can you please let me know if there is any workaround for this or do we need to re-configure openldap with (--with-tls=openssl) ?
Also let me know if we need to configure openldap with any other configuration options for TLS/SSL to work properly.
Please suggest.
Thanks.
On Wed, 24 Mar 2010 19:24:29 +0530  wrote
...
"Arun Srinivasan"  writes:
...
Hi All,
...
...
I am using OpenLDAP 2.4.21 on RHEL 5.3.
...
...
I have configured the openldap with "./configure --with-tls" option to enable
...
ssl in the server. I used the built-in openssl that comes with RHEL 5.3.
...
Berkley GB is 4.8.26.
[...]
...
...
then I get the following output:
...
...
...
...
...
...
>>>
...
daemon_init: ldap:// ldaps://
...
daemon_init: listen on ldap://
...
daemon_init: listen on ldaps://
...
daemon_init: 2 listeners to open...
...
ldap_url_parse_ext(ldap://)
...
daemon: listener initialized ldap://
...
ldap_url_parse_ext(ldaps://)
...
daemon: TLS not supported (ldaps://)
...
slapd stopped.
...
connections_destroy: nothing to destroy.
...
...
...
...
...
...
>>>>
[...]
It seems that slapd has not been built with openssl, you may check the
shared libraries linked to slapd calling ldd(1).
-Dieter
-- 

Dieter Klünter | Systemberatung

http://dkluenter.de

GPG Key ID:8EF7B6C6

53°37'09,95"N

10°08'02,42"E

Re: Re: Pre-requisites to enable SSL/TLS in OpenLDAP 2.4