I recently installed OpenLDAP and I can start it with the base configuration after only changing the domain name and root secret.
Then I added these directives to /usr/local/etc/openldap/slapd.conf:
Code:
security ssf=128
TLSCertificateFile /path/to/your/cert.crt
TLSCertificateKeyFile /path/to/your/cert.key
TLSCACertificateFile /path/to/your/cert.crt
Now when I try to start slapd(8), I get this error:
Code:
root@hyperion:~ # /usr/local/etc/rc.d/slapd start
Starting slapd.
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd
I figured out that it is specifically the TLSCertificateFile and TLSCACertificateFile. I ensured that I used chmod(1) to change the ownership of those files to the user ldap and their permissions actually allow any user to read (just as a temporary measure).
I don't see slapd(8) logging anywhere either to see a more detailed reason why it wouldn't start.
Oh, and another thing: I initially got a DB error (Unrecognized database type (mdb)) so I uncommented the moduleload back_mdb line in slapd.conf.
How do I get TLS working on my instance of OpenLDAP?