Stefan Bauer wrote:
> Hi,
>
> the internet is full of "tips" to solve the above problem. I'm pulling my
> hairs and can not find the real issue since days. any help is greatly
> appreciated.

Do the change as a single operation:

dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem

>
> --------- enable_ssl.ldiff ---------------
> dn: cn=config
> changetype: modify
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ldap/key.key
>
> dn: cn=config
> changetype: modify
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ldap/cert.pem
> --------- enable_ssl.ldiff ---------------
>
> # ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
> -rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
> -rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key
>
> # openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
> (stdin)= 45b4165df200817a20857fb453acd33e
> # openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
> (stdin)= 45b4165df200817a20857fb453acd33e
>
> # head -n2 /etc/ldap/cert.pem
> -----BEGIN CERTIFICATE-----
> MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
> # head -n2 /etc/ldap/key.key
> -----BEGIN RSA PRIVATE KEY-----
> MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
>
>
> ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
>
> # ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
> ldap_initialize( ldapi:///??base )
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> add olcTLSCertificateKeyFile:
>     /etc/ldap/key.key
> modifying entry "cn=config"
> ldap_modify: Other (e.g., implementation specific) error (80)
>
> I can however modify other values like /olcLogLevel/ without problems.
>
> Debian 10 latest:
> 2.4.47+dfsg-3+deb10u6
> # slapd -VVV
> @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
>     Debian OpenLDAP Maintainers <[email protected]
> <mailto:[email protected]>>
>
> Included static backends:
>     config
>     ldif
>
> Stefan.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
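
The single-operation form given in the reply can be produced mechanically from an LDIF file like the quoted one. The following is an added example, not code from the thread or from the OpenLDAP project: a small Python helper that folds consecutive `changetype: modify` records carrying an identical `dn:` line into one record joined by `-` separators. The function names are hypothetical, the sample input is the quoted `enable_ssl.ldif` content, and it assumes DN lines can be compared as plain strings.

```python
# Constructed input: the two-record LDIF from the quoted message.
SAMPLE = """\
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
"""

import re

def records(text):
    """Split LDIF text into records (lists of lines) at blank lines."""
    return [b.splitlines() for b in re.split(r"\n\s*\n", text.strip()) if b]

def as_modify(rec):
    """Return (dn_line, [mod strings]) for a modify record, else None."""
    if len(rec) < 3 or rec[1].replace(" ", "").lower() != "changetype:modify":
        return None
    body = "\n".join(rec[2:]) + "\n"
    return rec[0], [m.strip("\n") for m in body.split("\n-\n") if m.strip()]

def merge_modifies(text):
    """Fold consecutive modify records with an identical dn line into one."""
    merged = []                              # items: (dn_line or None, payload)
    for rec in records(text):
        mod = as_modify(rec)
        if mod and merged and merged[-1][0] == mod[0]:
            merged[-1][1].extend(mod[1])     # same entry: append its mods
        else:
            merged.append(mod or (None, rec))
    blocks = []
    for dn, body in merged:
        if dn is None:
            blocks.append("\n".join(body))   # non-modify record, unchanged
        else:
            blocks.append(f"{dn}\nchangetype: modify\n" + "\n-\n".join(body))
    return "\n\n".join(blocks) + "\n"

if __name__ == "__main__":
    print(merge_modifies(SAMPLE), end="")
```

Only adjacent records are merged, so the relative order of changes to different entries is preserved; records that are not plain modify records pass through unchanged.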
