Wednesday, November 27, 2019

OpenLDAP with ldaps support on Debian Lenny

Somehow I am unable to configure slapd to enable ldaps support on Debian Lenny. It looks like OpenLDAP is compiled with GnuTLS instead of OpenSSL, which could be part of the problem.



I've added the following options to slapd.conf:

TLSCipherSuite TLS_RSA_AES_256_CBC_SHA
TLSCertificateFile /etc/ssl/certs/myhost.pem
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateKeyFile /etc/ssl/private/myhost.pem
TLSVerifyClient never


and the following to ldap.conf:

URI ldap:/// ldaps:///
TLS_REQCERT never


The following error appears in the logs if I try to start slapd:

main: TLS init def ctx failed: -64


Could it be that the certificate, which has been generated by openssl, cannot be read by GnuTLS?



Have any of you configured OpenLDAP on Debian with ldaps support? If yes, any hints on how to get it to work would be very much appreciated.



Thanks.




EDIT: found a working TLSCipherSuite.
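The following preflight script is an added example and is not part of the original post. It reads the TLS* directives from a slapd.conf fragment and performs the file-level checks that GnuTLS does when slapd initialises its TLS context: each referenced file must exist, be PEM encoded (GnuTLS will not load DER), and be readable by the unprivileged uid slapd runs as (on Debian that is the openldap user, and /etc/ssl/private is root:ssl-cert 0710 by default, so a key placed there is unreadable unless openldap is added to the ssl-cert group). It also checks that TLSCACertificatePath contains hashed links, which slapd needs to locate CA certificates in a directory. The slapd.conf text, the PEM bodies and the uid 10999 used in demo() are constructed for the demo and are not real certificates or real system accounts.

```python
"""Preflight checks for the TLS* directives of an OpenLDAP slapd.conf.

Added example, not from the original post. The permission logic works
from stat() bits for an arbitrary uid, so it can be run as root to ask
"could the openldap user open these files?".
"""
import os
import re
import tempfile

FILE_DIRECTIVES = ("TLSCertificateFile", "TLSCertificateKeyFile",
                   "TLSCACertificateFile")
DIR_DIRECTIVES = ("TLSCACertificatePath",)
# PEM labels GnuTLS expects for each directive
PEM_LABELS = {
    "TLSCertificateFile": r"CERTIFICATE",
    "TLSCACertificateFile": r"CERTIFICATE",
    "TLSCertificateKeyFile": r"(RSA |EC |ENCRYPTED )?PRIVATE KEY",
}


def parse_tls_directives(conf_text):
    """Return {directive: value} for the TLS* lines of a slapd.conf."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].startswith("TLS"):
            found[parts[0]] = parts[1].strip().strip('"')
    return found


def _bits_allow(st, uid, gids, want):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (want << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (want << 3))
    return bool(st.st_mode & want)


def readable_by(path, uid, gids, stop_at=None):
    """True if uid (member of gids) can open path: x on every parent
    directory up to stop_at (or /), then r on the file itself."""
    path = os.path.abspath(path)
    d = os.path.dirname(path)
    while True:
        if not _bits_allow(os.stat(d), uid, gids, 1):   # search bit
            return False
        if d == stop_at or os.path.dirname(d) == d:
            break
        d = os.path.dirname(d)
    return _bits_allow(os.stat(path), uid, gids, 4)      # read bit


def pem_label_ok(path, label_re):
    """Check that the file starts with a PEM block of the expected label."""
    with open(path, "rb") as f:
        head = f.read(4096)
    return re.search(rb"-----BEGIN " + label_re.encode() + rb"-----", head) is not None


def check_slapd_tls(conf_text, uid, gids, stop_at=None):
    """Return a list of (directive, problem) findings; empty means clean."""
    problems = []
    tls = parse_tls_directives(conf_text)
    for d in FILE_DIRECTIVES:
        if d not in tls:
            continue
        p = tls[d]
        if not os.path.isfile(p):
            problems.append((d, "missing"))
        elif not readable_by(p, uid, gids, stop_at):
            problems.append((d, "not readable by uid %d" % uid))
        elif not pem_label_ok(p, PEM_LABELS[d]):
            problems.append((d, "not PEM"))
    for d in DIR_DIRECTIVES:
        if d not in tls:
            continue
        p = tls[d]
        if not os.path.isdir(p):
            problems.append((d, "missing"))
            continue
        # slapd looks CA certs up by subject hash, e.g. 1234abcd.0
        hashed = [n for n in os.listdir(p) if re.fullmatch(r"[0-9a-f]{8}\.[0-9]+", n)]
        if not hashed:
            problems.append((d, "no hashed CA links (run c_rehash)"))
    return problems


# Constructed placeholders: PEM framing only, not real key material.
FAKE_CERT = b"-----BEGIN CERTIFICATE-----\nMIIBexampleNOTAREALCERT\n-----END CERTIFICATE-----\n"
FAKE_KEY = b"-----BEGIN RSA PRIVATE KEY-----\nMIIEexampleNOTAREALKEY\n-----END RSA PRIVATE KEY-----\n"


def demo():
    """Rebuild the layout from the post under a temp dir: certs/ is
    world-readable, private/ is 0710 like Debian's /etc/ssl/private."""
    tmp = tempfile.mkdtemp()
    os.chmod(tmp, 0o755)
    certs, private = os.path.join(tmp, "certs"), os.path.join(tmp, "private")
    os.mkdir(certs); os.chmod(certs, 0o755)
    os.mkdir(private); os.chmod(private, 0o710)
    cert, key = os.path.join(certs, "myhost.pem"), os.path.join(private, "myhost.pem")
    with open(cert, "wb") as f:
        f.write(FAKE_CERT)
    os.chmod(cert, 0o644)
    with open(key, "wb") as f:
        f.write(FAKE_KEY)
    os.chmod(key, 0o640)
    conf = ("TLSCipherSuite TLS_RSA_AES_256_CBC_SHA\n"
            "TLSCertificateFile %s\nTLSCACertificatePath %s/\n"
            "TLSCertificateKeyFile %s\nTLSVerifyClient never\n") % (cert, certs, key)
    # uid 10999 is a made-up stand-in for Debian's 'openldap' account
    return check_slapd_tls(conf, uid=10999, gids={10999}, stop_at=tmp)


if __name__ == "__main__":
    for directive, problem in demo():
        print("%s: %s" % (directive, problem))
```

On a real host you would feed the actual /etc/ldap/slapd.conf and the uid and gids of the openldap user (from pwd.getpwnam and grp.getgrall) with stop_at left at None so the walk goes all the way to /. A finding of "not readable" on TLSCertificateKeyFile is the usual explanation for a TLS init failure that only appears once slapd has dropped privileges.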
