List:       openldap-technical
Subject:    Re: SSL certificate install
From:       Stefan Kania <stefan () kania-online ! de>
Date:       2023-12-14 9:16:34
Message-ID: 1f19a904-cb59-4562-82e1-4206d8805627 () kania-online ! de


Syntax error? Open your file with vi and do a ":set list" and you will 
see additional blanks and tabstops.


On 13.12.23 at 14:28, Jean-Luc Chandezon wrote:
> > 
> > You are missing "changetype: modify"
> > 
> > this is how it should look
> > -------------
> > dn: cn=config
> > changetype: modify
> > add: olcTLSCertificateFile
> > olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
> > -
> > add: olcTLSCertificateKeyFile
> > olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem
> > -
> > add: olcTLSCACertificateFile
> > olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem
> > 
> > -------------
> > Stefan
> > 
> 
> Thank you Stefan!
> Sorry for the mistake due to last changes.
> 
> Our ldf file content is:
> 
> dn: cn=config
> changetype: modify
> add: olcTLSCACertificateFile
> olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
> -
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
> -
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem
> 
> 
> with the request:
> ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/01-SSL.ldif
> 
> result:
> modifying entry "cn=config"
> ldap_modify: Other (e.g., implementation specific) error (80)
> 
> Any idea?
> 
> Please find log content below
> 
> 023-12-13T14:26:31.500282+01:00 bea-chicago slapd[63531]: #011#011one value, length 33
> 2023-12-13T14:26:31.500380+01:00 bea-chicago slapd[63531]: #011add: olcTLSCertificateKeyFile
> 2023-12-13T14:26:31.500452+01:00 bea-chicago slapd[63531]: #011#011one value, length 37
> 2023-12-13T14:26:31.500528+01:00 bea-chicago slapd[63531]: #011add: olcTLSCertificateFile
> 2023-12-13T14:26:31.500603+01:00 bea-chicago slapd[63531]: #011#011one value, length 35
> 2023-12-13T14:26:31.500676+01:00 bea-chicago slapd[63531]: conn=1007 op=1 MOD dn="cn=config"
> 2023-12-13T14:26:31.500748+01:00 bea-chicago slapd[63531]: conn=1007 op=1 MOD attr=olcTLSCACertificateFile olcTLSCertificateKeyFile olcTLSCertificateFile
> 2023-12-13T14:26:31.500823+01:00 bea-chicago slapd[63531]: => access_allowed: result not in cache (olcTLSCACertificateFile)
> 2023-12-13T14:26:31.500884+01:00 bea-chicago slapd[63531]: => access_allowed: add access to "cn=config" "olcTLSCACertificateFile" requested
> 2023-12-13T14:26:31.500960+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr olcTLSCACertificateFile
> 2023-12-13T14:26:31.501039+01:00 bea-chicago slapd[63531]: => acl_mask: access to entry "cn=config", attr "olcTLSCACertificateFile" requested
> 2023-12-13T14:26:31.501110+01:00 bea-chicago slapd[63531]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
> 2023-12-13T14:26:31.501191+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> 2023-12-13T14:26:31.501270+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] applying manage(=mwrscxd) (stop)
> 2023-12-13T14:26:31.501338+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] mask: manage(=mwrscxd)
> 2023-12-13T14:26:31.501394+01:00 bea-chicago slapd[63531]: => slap_access_allowed: add access granted by manage(=mwrscxd)
> 2023-12-13T14:26:31.501477+01:00 bea-chicago slapd[63531]: => access_allowed: add access granted by manage(=mwrscxd)
> 2023-12-13T14:26:31.501563+01:00 bea-chicago slapd[63531]: => access_allowed: result not in cache (olcTLSCertificateKeyFile)
> 2023-12-13T14:26:31.501638+01:00 bea-chicago slapd[63531]: => access_allowed: add access to "cn=config" "olcTLSCertificateKeyFile" requested
> 2023-12-13T14:26:31.501710+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr olcTLSCertificateKeyFile
> 2023-12-13T14:26:31.501797+01:00 bea-chicago slapd[63531]: => acl_mask: access to entry "cn=config", attr "olcTLSCertificateKeyFile" requested
> 2023-12-13T14:26:31.501877+01:00 bea-chicago slapd[63531]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
> 2023-12-13T14:26:31.501965+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> 2023-12-13T14:26:31.502028+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] applying manage(=mwrscxd) (stop)
> 2023-12-13T14:26:31.502087+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] mask: manage(=mwrscxd)
> 2023-12-13T14:26:31.502151+01:00 bea-chicago slapd[63531]: => slap_access_allowed: add access granted by manage(=mwrscxd)
> 2023-12-13T14:26:31.502210+01:00 bea-chicago slapd[63531]: => access_allowed: add access granted by manage(=mwrscxd)
> 2023-12-13T14:26:31.502271+01:00 bea-chicago slapd[63531]: => access_allowed: result not in cache (olcTLSCertificateFile)
> 2023-12-13T14:26:31.502344+01:00 bea-chicago slapd[63531]: => access_allowed: add access to "cn=config" "olcTLSCertificateFile" requested
> 2023-12-13T14:26:31.502420+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr olcTLSCertificateFile
> 2023-12-13T14:26:31.502483+01:00 bea-chicago slapd[63531]: => acl_mask: access to entry "cn=config", attr "olcTLSCertificateFile" requested
> 2023-12-13T14:26:31.502559+01:00 bea-chicago slapd[63531]: => acl_mask: to value by "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
> 2023-12-13T14:26:31.502621+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> 2023-12-13T14:26:31.502680+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] applying manage(=mwrscxd) (stop)
> 2023-12-13T14:26:31.502751+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] mask: manage(=mwrscxd)
> 2023-12-13T14:26:31.502813+01:00 bea-chicago slapd[63531]: => slap_access_allowed: add access granted by manage(=mwrscxd)
> 2023-12-13T14:26:31.502867+01:00 bea-chicago slapd[63531]: => access_allowed: add access granted by manage(=mwrscxd)
> 2023-12-13T14:26:31.502928+01:00 bea-chicago slapd[63531]: slap_get_csn: conn=1007 op=1 generated new csn=20231213132631.497094Z#000000#000#000000 manage=1
> 2023-12-13T14:26:31.502991+01:00 bea-chicago slapd[63531]: slap_queue_csn: queueing 0x7f57e0000bd0 20231213132631.497094Z#000000#000#000000
> 2023-12-13T14:26:31.503060+01:00 bea-chicago slapd[63531]: oc_check_required entry (cn=config), objectClass "olcGlobal"
> 2023-12-13T14:26:31.503136+01:00 bea-chicago slapd[63531]: oc_check_allowed type "objectClass"
> 2023-12-13T14:26:31.503222+01:00 bea-chicago slapd[63531]: oc_check_allowed type "cn"
> 2023-12-13T14:26:31.503286+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcArgsFile"
> 2023-12-13T14:26:31.503353+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcLogLevel"
> 2023-12-13T14:26:31.503434+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcPidFile"
> 2023-12-13T14:26:31.503498+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcToolThreads"
> 2023-12-13T14:26:31.503558+01:00 bea-chicago slapd[63531]: oc_check_allowed type "structuralObjectClass"
> 2023-12-13T14:26:31.503622+01:00 bea-chicago slapd[63531]: oc_check_allowed type "entryUUID"
> 2023-12-13T14:26:31.503673+01:00 bea-chicago slapd[63531]: oc_check_allowed type "creatorsName"
> 2023-12-13T14:26:31.503753+01:00 bea-chicago slapd[63531]: oc_check_allowed type "createTimestamp"
> 2023-12-13T14:26:31.503830+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcTLSCACertificateFile"
> 2023-12-13T14:26:31.503912+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcTLSCertificateKeyFile"
> 2023-12-13T14:26:31.503982+01:00 bea-chicago slapd[63531]: oc_check_allowed type "olcTLSCertificateFile"
> 2023-12-13T14:26:31.504056+01:00 bea-chicago slapd[63531]: oc_check_allowed type "entryCSN"
> 2023-12-13T14:26:31.504121+01:00 bea-chicago slapd[63531]: oc_check_allowed type "modifiersName"
> 2023-12-13T14:26:31.504183+01:00 bea-chicago slapd[63531]: oc_check_allowed type "modifyTimestamp"
> 2023-12-13T14:26:31.504246+01:00 bea-chicago slapd[63531]: daemon: activity on 1 descriptor
> 2023-12-13T14:26:31.504301+01:00 bea-chicago slapd[63531]: daemon: activity on:
> 2023-12-13T14:26:31.504366+01:00 bea-chicago slapd[63531]:
> 2023-12-13T14:26:31.504420+01:00 bea-chicago slapd[63531]: send_ldap_result: conn=1007 op=1 p=3
> 2023-12-13T14:26:31.504491+01:00 bea-chicago slapd[63531]: send_ldap_result: err=80 matched="" text=""
> 2023-12-13T14:26:31.504557+01:00 bea-chicago slapd[63531]: send_ldap_response: msgid=2 tag=103 err=80

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signing every e-mail helps to reduce spam and protects your 
privacy. A free certificate is available at 
https://www.dgn.de/dgncert/index.html
Download of the root certificates: https://www.dgn.de/dgncert/downloads.html

New GPG key: the public key is in the attachment
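
Added example, not part of the original thread: a small linter for the two LDIF problems raised above, a missing "changetype: modify" and the stray blanks or tab stops that vi's list mode makes visible. The function name lint_modify_ldif and the defects planted in the sample are constructed for illustration.

```python
import re

# Constructed sample: the reply's LDIF with two hidden defects added.
SAMPLE = (
    "dn: cn=config\n"
    "changetype: modify\n"
    "add: olcTLSCertificateFile\t\n"
    "olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem \n"
)

OP_LINE = re.compile(r"^(add|replace|delete):")


def lint_modify_ldif(text):
    """Return (line_number, problem) pairs, in line order, for a modify LDIF."""
    problems = []
    saw_changetype = record_ended = False
    lines = text.split("\n")
    if lines[-1] == "":
        lines.pop()  # the file's final newline is not a blank line
    for no, raw in enumerate(lines, start=1):
        if raw.endswith("\r"):
            problems.append((no, "CRLF line ending"))
            raw = raw[:-1]
        if "\t" in raw:
            problems.append((no, "tab character"))
        if raw != raw.rstrip():
            problems.append((no, "trailing whitespace"))
        if raw.startswith(" ") and raw.strip():
            problems.append((no, "leading blank (LDIF continuation line)"))
        line = raw.strip()
        if raw == "":
            record_ended = True  # a truly empty line ends the record
        elif line.startswith("dn:"):
            record_ended = saw_changetype = False  # a new record begins
        elif line and record_ended and not line.startswith("#"):
            problems.append((no, "content after blank line, outside any record"))
        if line == "changetype: modify":
            saw_changetype = True
        elif OP_LINE.match(line) and not saw_changetype:
            problems.append((no, 'operation before "changetype: modify"'))
            saw_changetype = True  # report the omission once per record
    return problems


if __name__ == "__main__":
    for no, problem in lint_modify_ldif(SAMPLE):
        print(f"line {no}: {problem}")
```

An empty result means none of these formatting problems were found; it says nothing about whether slapd can read the files the attributes point to.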

