[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-technical
Subject: Re: SSL certificate install
From: Stefan Kania <stefan () kania-online ! de>
Date: 2023-12-13 11:12:24
Message-ID: 463bfc2a-8cf0-42ee-81ab-50d9946a8e39 () kania-online ! de
[Download RAW message or body]
Am 13.12.23 um 08:51 schrieb Jean-Luc Chandezon:
> Hello dear community,
>
> I'm trying to enable LDAPS. I don't understanrd what is cause error. Is
> anybody have an idea please?
>
> OpenLDAP is 2.5.13, on Debian 12.
>
> Here is our certificate chain definition:
>
> dn: cn=config
>
> add: olcTLSCACertificateFile
>
> olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
>
> -
>
> add: olcTLSCertificateKeyFile
>
> olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
>
> -
>
> add: olcTLSCertificateFile
>
> olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem
>
> -
>
> Request is:
>
> root@bea-chicago:/etc# ldapmodify -Y EXTERNAL -H ldapi:/// -f
> /tmp/01-SSL.ldif
>
> Result:
>
> SASL/EXTERNAL authentication started
>
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>
> SASL SSF: 0
>
> modifying entry "cn=config"
>
> ldap_modify: Other (e.g., implementation specific) error (80)
>
> Here are slapd logs:
>
> cago slapd[63531]: daemon: activity on 1 descriptor
>
> 2023-12-13T08:30:42.094605+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.094773+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.094922+01:00 bea-chicago slapd[63531]:
> slap_listener_activate(10):
>
> 2023-12-13T08:30:42.095070+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.095216+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.095352+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 busy
>
> 2023-12-13T08:30:42.095489+01:00 bea-chicago slapd[63531]: >>>
> slap_listener(ldapi:///)
>
> 2023-12-13T08:30:42.095658+01:00 bea-chicago slapd[63531]: daemon:
> accept() = 12
>
> 2023-12-13T08:30:42.095790+01:00 bea-chicago slapd[63531]: daemon:
> listen=10, new connection on 12
>
> 2023-12-13T08:30:42.095927+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> 2023-12-13T08:30:42.096046+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.096165+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.096284+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.096424+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.096545+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.096701+01:00 bea-chicago slapd[63531]: daemon: added
> 12r (active) listener=(nil)
>
> 2023-12-13T08:30:42.096832+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> 2023-12-13T08:30:42.096981+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.097099+01:00 bea-chicago slapd[63531]: 12r
>
> 2023-12-13T08:30:42.097227+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.097335+01:00 bea-chicago slapd[63531]: daemon: read
> active on 12
>
> 2023-12-13T08:30:42.097503+01:00 bea-chicago slapd[63531]: conn=1001
> fd=12 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
>
> 2023-12-13T08:30:42.097727+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.097845+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.098084+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.098282+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> 2023-12-13T08:30:42.098501+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.098688+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.098848+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.099006+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.099205+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.099396+01:00 bea-chicago slapd[63531]:
> connection_get(12)
>
> 2023-12-13T08:30:42.099620+01:00 bea-chicago slapd[63531]:
> connection_get(12): got connid=1001
>
> 2023-12-13T08:30:42.099824+01:00 bea-chicago slapd[63531]:
> connection_read(12): checking for input on id=1001
>
> 2023-12-13T08:30:42.100038+01:00 bea-chicago slapd[63531]: op tag 0x60,
> time 1702452642
>
> 2023-12-13T08:30:42.100268+01:00 bea-chicago slapd[63531]: conn=1001
> op=0 do_bind
>
> 2023-12-13T08:30:42.100499+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> 2023-12-13T08:30:42.100687+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.100882+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.101076+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.101292+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.101503+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.101781+01:00 bea-chicago slapd[63531]: >>>
> dnPrettyNormal: <>
>
> 2023-12-13T08:30:42.102002+01:00 bea-chicago slapd[63531]: <<<
> dnPrettyNormal: <>, <>
>
> 2023-12-13T08:30:42.102205+01:00 bea-chicago slapd[63531]: conn=1001
> op=0 BIND dn="" method=163
>
> 2023-12-13T08:30:42.102431+01:00 bea-chicago slapd[63531]: do_bind: dn
> () SASL mech EXTERNAL
>
> 2023-12-13T08:30:42.102525+01:00 bea-chicago slapd[63531]: ==>
> sasl_bind: dn="" mech=EXTERNAL datalen=0
>
> 2023-12-13T08:30:42.102620+01:00 bea-chicago slapd[63531]: SASL
> Canonicalize [conn=1001]:
> authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
>
> 2023-12-13T08:30:42.102709+01:00 bea-chicago slapd[63531]:
> slap_sasl_getdn: conn 1001
> id=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth [len=55]
>
> 2023-12-13T08:30:42.102817+01:00 bea-chicago slapd[63531]:
> ==>slap_sasl2dn: converting SASL name
> gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth to a DN
>
> 2023-12-13T08:30:42.102908+01:00 bea-chicago slapd[63531]:
> <==slap_sasl2dn: Converted SASL name to <nothing>
>
> 2023-12-13T08:30:42.103004+01:00 bea-chicago slapd[63531]: SASL
> Canonicalize [conn=1001]:
> slapAuthcDN="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
>
> 2023-12-13T08:30:42.103121+01:00 bea-chicago slapd[63531]: SASL proxy
> authorize [conn=1001]:
> authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
>
> 2023-12-13T08:30:42.103220+01:00 bea-chicago slapd[63531]: conn=1001
> op=0 BIND
> authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
>
> 2023-12-13T08:30:42.103322+01:00 bea-chicago slapd[63531]: SASL
> Authorize [conn=1001]: proxy authorization allowed authzDN=""
>
> 2023-12-13T08:30:42.103421+01:00 bea-chicago slapd[63531]:
> send_ldap_sasl: err=0 len=-1
>
> 2023-12-13T08:30:42.103527+01:00 bea-chicago slapd[63531]: conn=1001
> op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
> mech=EXTERNAL bind_ssf=0 ssf=71
>
> 2023-12-13T08:30:42.103619+01:00 bea-chicago slapd[63531]: do_bind:
> SASL/EXTERNAL bind:
> dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" bind_ssf=0
>
> 2023-12-13T08:30:42.103713+01:00 bea-chicago slapd[63531]:
> send_ldap_response: msgid=1 tag=97 err=0
>
> 2023-12-13T08:30:42.103804+01:00 bea-chicago slapd[63531]: conn=1001
> op=0 RESULT tag=97 err=0 qtime=0.000061 etime=0.000517 text=
>
> 2023-12-13T08:30:42.103913+01:00 bea-chicago slapd[63531]: <==
> slap_sasl_bind: rc=0
>
> 2023-12-13T08:30:42.104010+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> 2023-12-13T08:30:42.104102+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.104185+01:00 bea-chicago slapd[63531]: 12r
>
> 2023-12-13T08:30:42.104268+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.104352+01:00 bea-chicago slapd[63531]: daemon: read
> active on 12
>
> 2023-12-13T08:30:42.104435+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.104518+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.104600+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.104683+01:00 bea-chicago slapd[63531]:
> connection_get(12)
>
> 2023-12-13T08:30:42.104766+01:00 bea-chicago slapd[63531]:
> connection_get(12): got connid=1001
>
> 2023-12-13T08:30:42.104851+01:00 bea-chicago slapd[63531]:
> connection_read(12): checking for input on id=1001
>
> 2023-12-13T08:30:42.104941+01:00 bea-chicago slapd[63531]: op tag 0x66,
> time 1702452642
>
> 2023-12-13T08:30:42.105037+01:00 bea-chicago slapd[63531]: conn=1001
> op=1 do_modify
>
> 2023-12-13T08:30:42.105129+01:00 bea-chicago slapd[63531]: conn=1001
> op=1 do_modify: dn (cn=config)
>
> 2023-12-13T08:30:42.105223+01:00 bea-chicago slapd[63531]: >>>
> dnPrettyNormal: <cn=config>
>
> 2023-12-13T08:30:42.105316+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> 2023-12-13T08:30:42.105401+01:00 bea-chicago slapd[63531]: daemon:
> activity on:
>
> 2023-12-13T08:30:42.105486+01:00 bea-chicago slapd[63531]:
>
> 2023-12-13T08:30:42.105587+01:00 bea-chicago slapd[63531]: <<<
> dnPrettyNormal: <cn=config>, <cn=config>
>
> 2023-12-13T08:30:42.105675+01:00 bea-chicago slapd[63531]: conn=1001
> op=1 modifications:
>
> 2023-12-13T08:30:42.105770+01:00 bea-chicago slapd[63531]: #011add:
> olcTLSCACertificateFile
>
> 2023-12-13T08:30:42.105862+01:00 bea-chicago slapd[63531]: #011#011one
> value, length 33
>
> 2023-12-13T08:30:42.105951+01:00 bea-chicago slapd[63531]: #011add:
> olcTLSCertificateKeyFile
>
> 2023-12-13T08:30:42.106034+01:00 bea-chicago slapd[63531]: #011#011one
> value, length 37
>
> 2023-12-13T08:30:42.106124+01:00 bea-chicago slapd[63531]: #011add:
> olcTLSCertificateFile
>
> 2023-12-13T08:30:42.106219+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=8 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.106303+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=9 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.106387+01:00 bea-chicago slapd[63531]: daemon:
> epoll: listen=10 active_threads=0 tvp=zero
>
> 2023-12-13T08:30:42.106469+01:00 bea-chicago slapd[63531]: #011#011one
> value, length 35
>
> 2023-12-13T08:30:42.106557+01:00 bea-chicago slapd[63531]: conn=1001
> op=1 MOD dn="cn=config"
>
> 2023-12-13T08:30:42.106644+01:00 bea-chicago slapd[63531]: conn=1001
> op=1 MOD attr=olcTLSCACertificateFile olcTLSCertificateKeyFile
> olcTLSCertificateFile
>
> 2023-12-13T08:30:42.106737+01:00 bea-chicago slapd[63531]: =>
> access_allowed: result not in cache (olcTLSCACertificateFile)
>
> 2023-12-13T08:30:42.106823+01:00 bea-chicago slapd[63531]: =>
> access_allowed: add access to "cn=config" "olcTLSCACertificateFile"
> requested
>
> 2023-12-13T08:30:42.106918+01:00 bea-chicago slapd[63531]: => acl_get:
> [1] attr olcTLSCACertificateFile
>
> 2023-12-13T08:30:42.107007+01:00 bea-chicago slapd[63531]: => acl_mask:
> access to entry "cn=config", attr "olcTLSCACertificateFile" requested
>
> 2023-12-13T08:30:42.107095+01:00 bea-chicago slapd[63531]: => acl_mask:
> to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
>
> 2023-12-13T08:30:42.107182+01:00 bea-chicago slapd[63531]: <= check
> a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>
> 2023-12-13T08:30:42.107283+01:00 bea-chicago slapd[63531]: <= acl_mask:
> [1] applying manage(=mwrscxd) (stop)
>
> 2023-12-13T08:30:42.107374+01:00 bea-chicago slapd[63531]: <= acl_mask:
> [1] mask: manage(=mwrscxd)
>
> 2023-12-13T08:30:42.107457+01:00 bea-chicago slapd[63531]: =>
> slap_access_allowed: add access granted by manage(=mwrscxd)
>
> 2023-12-13T08:30:42.107543+01:00 bea-chicago slapd[63531]: =>
> access_allowed: add access granted by manage(=mwrscxd)
>
> 2023-12-13T08:30:42.107636+01:00 bea-chicago slapd[63531]: =>
> access_allowed: result not in cache (olcTLSCertificateKeyFile)
>
> 2023-12-13T08:30:42.107724+01:00 bea-chicago slapd[63531]: =>
> access_allowed: add access to "cn=config" "olcTLSCertificateKeyFile"
> requested
>
> 2023-12-13T08:30:42.107812+01:00 bea-chicago slapd[63531]: => acl_get:
> [1] attr olcTLSCertificateKeyFile
>
> 2023-12-13T08:30:42.107898+01:00 bea-chicago slapd[63531]: => acl_mask:
> access to entry "cn=config", attr "olcTLSCertificateKeyFile" requested
>
> 2023-12-13T08:30:42.107992+01:00 bea-chicago slapd[63531]: => acl_mask:
> to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
>
> 2023-12-13T08:30:42.108074+01:00 bea-chicago slapd[63531]: <= check
> a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>
> 2023-12-13T08:30:42.108157+01:00 bea-chicago slapd[63531]: <= acl_mask:
> [1] applying manage(=mwrscxd) (stop)
>
> 2023-12-13T08:30:42.108240+01:00 bea-chicago slapd[63531]: <= acl_mask:
> [1] mask: manage(=mwrscxd)
>
> 2023-12-13T08:30:42.108323+01:00 bea-chicago slapd[63531]: =>
> slap_access_allowed: add access granted by manage(=mwrscxd)
>
> 2023-12-13T08:30:42.108398+01:00 bea-chicago slapd[63531]: =>
> access_allowed: add access granted by manage(=mwrscxd)
>
> 2023-12-13T08:30:42.108494+01:00 bea-chicago slapd[63531]: =>
> access_allowed: result not in cache (olcTLSCertificateFile)
>
> 2023-12-13T08:30:42.108589+01:00 bea-chicago slapd[63531]: =>
> access_allowed: add access to "cn=config" "olcTLSCertificateFile" requested
>
> 2023-12-13T08:30:42.108678+01:00 bea-chicago slapd[63531]: => acl_get:
> [1] attr olcTLSCertificateFile
>
> 2023-12-13T08:30:42.108762+01:00 bea-chicago slapd[63531]: => acl_mask:
> access to entry "cn=config", attr "olcTLSCertificateFile" requested
>
> 2023-12-13T08:30:42.108852+01:00 bea-chicago slapd[63531]: => acl_mask:
> to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
>
> 2023-12-13T08:30:42.108936+01:00 bea-chicago slapd[63531]: <= check
> a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>
> 2023-12-13T08:30:42.109014+01:00 bea-chicago slapd[63531]: <= acl_mask:
> [1] applying manage(=mwrscxd) (stop)
>
> 2023-12-13T08:30:42.109090+01:00 bea-chicago slapd[63531]: <= acl_mask:
> [1] mask: manage(=mwrscxd)
>
> 2023-12-13T08:30:42.109172+01:00 bea-chicago slapd[63531]: =>
> slap_access_allowed: add access granted by manage(=mwrscxd)
>
> 2023-12-13T08:30:42.109253+01:00 bea-chicago slapd[63531]: =>
> access_allowed: add access granted by manage(=mwrscxd)
>
> 2023-12-13T08:30:42.109337+01:00 bea-chicago slapd[63531]: slap_get_csn:
> conn=1001 op=1 generated new
> csn=20231213073042.095886Z#000000#000#000000 manage=1
>
> 2023-12-13T08:30:42.109424+01:00 bea-chicago slapd[63531]:
> slap_queue_csn: queueing 0x7f57dc000ce0
> 20231213073042.095886Z#000000#000#000000
>
> 2023-12-13T08:30:42.109535+01:00 bea-chicago slapd[63531]:
> oc_check_required entry (cn=config), objectClass "olcGlobal"
>
> 2023-12-13T08:30:42.109647+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "objectClass"
>
> 2023-12-13T08:30:42.109739+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "cn"
>
> 2023-12-13T08:30:42.109829+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcArgsFile"
>
> 2023-12-13T08:30:42.109917+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcLogLevel"
>
> 2023-12-13T08:30:42.110080+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcPidFile"
>
> 2023-12-13T08:30:42.110173+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcToolThreads"
>
> 2023-12-13T08:30:42.110266+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "structuralObjectClass"
>
> 2023-12-13T08:30:42.110367+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "entryUUID"
>
> 2023-12-13T08:30:42.110464+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "creatorsName"
>
> 2023-12-13T08:30:42.110541+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "createTimestamp"
>
> 2023-12-13T08:30:42.110617+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcTLSCACertificateFile"
>
> 2023-12-13T08:30:42.110707+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcTLSCertificateKeyFile"
>
> 2023-12-13T08:30:42.110793+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "olcTLSCertificateFile"
>
> 2023-12-13T08:30:42.110875+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "entryCSN"
>
> 2023-12-13T08:30:42.110972+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "modifiersName"
>
> 2023-12-13T08:30:42.111058+01:00 bea-chicago slapd[63531]:
> oc_check_allowed type "modifyTimestamp"
>
> 2023-12-13T08:30:42.111144+01:00 bea-chicago slapd[63531]:
> send_ldap_result: conn=1001 op=1 p=3
>
> 2023-12-13T08:30:42.111233+01:00 bea-chicago slapd[63531]:
> send_ldap_result: err=80 matched="" text=""
>
> 2023-12-13T08:30:42.111321+01:00 bea-chicago slapd[63531]:
> send_ldap_response: msgid=2 tag=103 err=80
>
> 2023-12-13T08:30:42.111407+01:00 bea-chicago slapd[63531]: conn=1001
> op=1 RESULT tag=103 err=80 qtime=0.000070 etime=0.002380 text=
>
> 2023-12-13T08:30:42.111498+01:00 bea-chicago slapd[63531]:
> slap_graduate_commit_csn: removing 0x7f57dc000ce0
> 20231213073042.095886Z#000000#000#000000
>
> 2023-12-13T08:30:42.111590+01:00 bea-chicago slapd[63531]: daemon:
> activity on 1 descriptor
>
> Best regards,
>
> Jean-Luc
>
You are missing "changetype: modify"
this is how it should look
-------------
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem
-------------
Stefan
["smime.p7s" (application/pkcs7-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic