List: openldap-technical
Subject: Re: SSL certificate install
From: Howard Chu <hyc () symas ! com>
Date: 2023-12-14 9:46:18
Message-ID: ac27d9cc-a936-a427-b482-ae7380b8c944 () symas ! com
Stefan Kania wrote:
> Syntax error? Open your file with vi and do a "set: list" and you will see
> additional blanks and tabstops.
>
> Am 13.12.23 um 14:28 schrieb Jean-Luc Chandezon:
> > >
> > > You are missing "changetype: modify"
> > >
> > > this is how it should look
> > > -------------
> > > dn: cn=config
> > > changetype: modify
> > > add: olcTLSCertificateFile
> > > olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
> > > -
> > > add: olcTLSCertificateKeyFile
> > > olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem
> > > -
> > > add: olcTLSCACertificateFile
> > > olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem
> > >
> > > -------------
> > > Stefan
> > >
> >
> > Thank you Stefan!
> > Sorry for the mistake due to last changes.
> >
> > Our ldf file content is:
> >
> > dn: cn=config
> > changetype: modify
> > add: olcTLSCACertificateFile
> > olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
> > -
> > add: olcTLSCertificateKeyFile
> > olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
> > -
> > add: olcTLSCertificateFile
> > olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem
> >
> >
> > with the request:
> > ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/01-SSL.ldif
> > result:
> > modifying entry "cn=config"
> > ldap_modify: Other (e.g., implementation specific) error (80)
> >
> > Any idea?
> >
> > Please find log content below
> >
> > 023-12-13T14:26:31.500282+01:00 bea-chicago slapd[63531]: #011#011one value, length 33
> > 2023-12-13T14:26:31.500380+01:00 bea-chicago slapd[63531]: #011add: olcTLSCertificateKeyFile
> > 2023-12-13T14:26:31.500452+01:00 bea-chicago slapd[63531]: #011#011one value, length 37
As always - set a higher debug level and examine the debug output. Not the syslog
output. syslog is for recording routine operation, not for isolating problems. Use
the debug output for troubleshooting.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
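
Added example, not part of the original thread or of OpenLDAP: a small Python lint for the LDIF problems raised above (the missing "changetype: modify" line, and the stray blanks and tab stops Stefan suggests making visible in vi), plus a check that each value line names the attribute given on the preceding add:/replace:/delete: line. The function name lint_ldif, its messages and the sample record are constructed for this example; it is a pre-check only and does not replace the slapd debug output recommended above.

```python
# Added example: lint one LDIF modify record for the defects raised in this thread.
# lint_ldif and its messages are assumptions of this example, not an OpenLDAP tool.

# Constructed sample: the thread's record with whitespace defects injected,
# the changetype line dropped, and one attribute name mismatched.
SAMPLE = (
    "dn: cn=config\n"
    "add: olcTLSCACertificateFile \n"
    "olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem\n"
    "-\t\n"
    "add: olcTLSCertificateKeyFile\n"
    "olcTLSCertificateFile: /etc/ssl/private/annuaire.lexp.fr.key\n"
)

def lint_ldif(text):
    """Return a list of (line_number, message) findings for one change record."""
    findings = []
    saw_changetype = False
    pending_attr = None  # attribute named by the last add:/replace:/delete: line
    for no, raw in enumerate(text.split("\n"), 1):
        line = raw
        if line.endswith("\r"):
            findings.append((no, "CRLF line ending"))
            line = line[:-1]
        if "\t" in line:
            findings.append((no, "tab character"))
        if line != line.rstrip(" \t"):
            findings.append((no, "trailing whitespace"))
        body = line.strip()
        if not body:
            continue
        key, sep, value = body.partition(":")
        key = key.strip().lower()
        if key == "changetype":
            saw_changetype = True
        elif key in ("add", "replace", "delete") and sep:
            if not saw_changetype:
                findings.append((no, "modification before any changetype line"))
                saw_changetype = True  # report the missing line only once
            pending_attr = value.strip().lower()
        elif body == "-":
            pending_attr = None  # separator ends the current modification
        elif pending_attr is not None and key != pending_attr:
            findings.append((no, f"value line is for '{key}', expected '{pending_attr}'"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_ldif(SAMPLE):
        print(f"line {no}: {msg}")
```

An empty result only means the record is structurally clean; the cause of error 80 still has to come from the debug output.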