Hi All,
I am using OpenLDAP 2.4.21 on RHEL 5.3.
I have configured the openldap with "./configure --with-tls" option to enable ssl in the server. I used the built-in openssl that comes with RHEL 5.3. Berkeley DB is 4.8.26.
But after creating the certificates and configuring the slapd.conf with the below lines:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
However, when I try to run the slapd with the -h option as "/usr/local/libexec/slapd -h "ldap:// ldaps://" -d 255"
then I get the following output:
>>
daemon_init: ldap:// ldaps://
daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
ldap_url_parse_ext(ldaps://)
daemon: TLS not supported (ldaps://)
slapd stopped.
connections_destroy: nothing to destroy.
>>>
I am guessing something is wrong at the openldap configuration level itself. Can somebody let me know what are the pre-requisites to be followed while configuring openldap (configure options) so that SSL can be enabled successfully.
Thanks
"Arun Srinivasan" arunsriniv@rediffmail.com writes:
Hi All,
I am using OpenLDAP 2.4.21 on RHEL 5.3.
I have configured the openldap with "./configure --with-tls" option to enable ssl in the server. I used the built-in openssl that comes with RHEL 5.3. Berkeley DB is 4.8.26.
[...]
then I get the following output:
>>>
daemon_init: ldap:// ldaps://
daemon_init: listen on ldap://
daemon_init: listen on ldaps://
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
ldap_url_parse_ext(ldaps://)
daemon: TLS not supported (ldaps://)
slapd stopped.
connections_destroy: nothing to destroy.
>>>>
[...]
It seems that slapd has not been built with openssl; you may check the shared libraries linked to slapd by calling ldd(1).
-Dieter
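Added example, not part of the thread or of the OpenLDAP sources: the ldd(1) check suggested in the reply, written as a shell script that reports which TLS library (OpenSSL or GnuTLS) a slapd binary is dynamically linked against and which libraries the loader cannot resolve. The function names and the sample ldd output are constructed for illustration; the slapd path is the one from the original post.

```shell
#!/bin/sh
# Added example: inspect `ldd` output to see whether slapd was linked with TLS.
# Function names are hypothetical; the sample data below is constructed.

# Reads ldd output on stdin; prints openssl, gnutls or none.
# Assumes the TLS library is linked dynamically: a statically linked
# library never shows up in ldd output.
classify_tls_backend() {
    awk '
        $1 ~ /^libssl\.so/    { ssl = 1 }
        $1 ~ /^libgnutls\.so/ { gnutls = 1 }
        END {
            if (ssl)         print "openssl"
            else if (gnutls) print "gnutls"
            else             print "none"
        }'
}

# Reads ldd output on stdin; prints libraries the loader could not resolve.
unresolved_libs() {
    awk '/=> not found/ { print $1 }'
}

# Runs both checks against a binary; returns 1 when no TLS library is linked.
check_slapd_tls() {
    bin=${1:-/usr/local/libexec/slapd}   # path from the original post
    out=$(ldd "$bin") || { echo "ldd failed on $bin" >&2; return 2; }
    backend=$(printf '%s\n' "$out" | classify_tls_backend)
    missing=$(printf '%s\n' "$out" | unresolved_libs)
    [ -n "$missing" ] && echo "$bin: unresolved libraries: $missing"
    if [ "$backend" = none ]; then
        echo "$bin: no TLS library linked; an ldaps:// listener cannot start"
        return 1
    fi
    echo "$bin: TLS provided by $backend"
}

# Constructed sample ldd output (not taken from the poster's machine).
SAMPLE_NO_TLS=' libdb-4.8.so => /usr/local/lib/libdb-4.8.so (0x00002b5c0a000000)
 libc.so.6 => /lib64/libc.so.6 (0x00002b5c0a400000)'
SAMPLE_OPENSSL=' libssl.so.6 => /lib64/libssl.so.6 (0x00002b5c0a000000)
 libcrypto.so.6 => not found
 libc.so.6 => /lib64/libc.so.6 (0x00002b5c0a400000)'

# Run against a real binary only when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_slapd_tls "$1"; fi
```

A result of "none" matches the "TLS not supported (ldaps://)" line in the debug output above: the TLSCipherSuite and certificate directives in slapd.conf have no effect until slapd is rebuilt against a TLS library.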