Thank you. That did the trick.

Many thanks, Howard!

Stefan

On Friday, 5 March 2021, Howard Chu <[email protected]> wrote:
> Stefan Bauer wrote:
> > Hi,
> >
> > the internet is full of "tips" to solve the above problem. I'm pulling my hair out and have not been able to find the real issue for days. Any help is greatly appreciated.
>
> Do the change as a single operation:
>
> dn: cn=config
> changetype: modify
> add: olcTLSCertificateKeyFile
> olcTLSCertificateKeyFile: /etc/ldap/key.key
> -
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/ldap/cert.pem
>
> >
> > --------- enable_ssl.ldiff ---------------
> > dn: cn=config
> > changetype: modify
> > add: olcTLSCertificateKeyFile
> > olcTLSCertificateKeyFile: /etc/ldap/key.key
> >
> > dn: cn=config
> > changetype: modify
> > add: olcTLSCertificateFile
> > olcTLSCertificateFile: /etc/ldap/cert.pem
> > --------- enable_ssl.ldiff ---------------
> >
> > # ls -alh /etc/ldap/cert.pem /etc/ldap/key.key
> > -rwxrwxrwx 1 root root 1,1K Mär 1 21:43 /etc/ldap/cert.pem
> > -rwxrwxrwx 1 root root 1,7K Mär 1 21:21 /etc/ldap/key.key
> >
> > # openssl rsa -noout -modulus -in /etc/ldap/key.key | openssl md5
> > (stdin)= 45b4165df200817a20857fb453acd33e
> > # openssl x509 -noout -modulus -in /etc/ldap/cert.pem | openssl md5
> > (stdin)= 45b4165df200817a20857fb453acd33e
> >
> > # head -n2 /etc/ldap/cert.pem
> > -----BEGIN CERTIFICATE-----
> > MIIFmDCCBICgAwIBAgIQBFMR6HMGTGjQIjSj4sQX+TANBgkqhkiG9w0BAQsFADBu
> > # head -n2 /etc/ldap/key.key
> > -----BEGIN RSA PRIVATE KEY-----
> > MIIEowIBAAKCAQEAvrDddMwXoy10diqDpqd45jaC8HiGKz7KC5X3W0ZLvCshylu0
> >
> >
> > ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
> >
> > # ldapmodify -Y EXTERNAL -H ldapi:/// -f enable_ssl.ldif -v
> > ldap_initialize( ldapi:///??base )
> > SASL/EXTERNAL authentication started
> > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > SASL SSF: 0
> > add olcTLSCertificateKeyFile:
> >         /etc/ldap/key.key
> > modifying entry "cn=config"
> > ldap_modify: Other (e.g., implementation specific) error (80)
> >
> > I can however modify other values like /olcLogLevel/ without problems.
> >
> > Debian 10 latest:
> > 2.4.47+dfsg-3+deb10u6
> > # slapd -VVV
> > @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
> > Debian OpenLDAP Maintainers <[email protected] <mailto:[email protected]>>
> >
> > Included static backends:
> > config
> > ldif
> >
> > Stefan.
>
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/project/
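
Added example, not part of the original thread: a Python pre-flight check that detects when an LDIF sets olcTLSCertificateFile and olcTLSCertificateKeyFile on cn=config in separate change records, as in the quoted enable_ssl.ldiff, and rewrites them as the single modify operation given in the reply. The function names and the key_world_accessible permission check (prompted by the -rwxrwxrwx listing on the key file above) are assumptions of this example.

```python
import os
import re
import stat

TLS_ATTRS = {"olctlscertificatefile", "olctlscertificatekeyfile"}

# The split enable_ssl.ldiff quoted in the thread (two separate modify records).
SPLIT_LDIF = """\
dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.key

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
"""

def parse_changes(ldif_text):
    """Return one (dn, [(op, attr, value), ...]) tuple per LDIF change record."""
    records = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn, op, mods = None, None, []
        for line in block.splitlines():
            if line.startswith("#"):
                continue                  # LDIF comment line
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key.lower() == "dn":
                dn = value
            elif key.lower() in ("add", "replace", "delete"):
                op = key.lower()          # value names the attribute being changed
            elif op and value and key.lower() != "changetype":
                mods.append((op, key, value))
        if dn:
            records.append((dn, mods))
    return records

def merge_tls_changes(ldif_text):
    """Return (was_split, ldif) with all cn=config TLS changes in one record."""
    tls = [(i, mod) for i, (dn, mods) in enumerate(parse_changes(ldif_text))
           if dn.lower() == "cn=config"
           for mod in mods if mod[1].lower() in TLS_ATTRS]
    was_split = len({i for i, _ in tls}) > 1
    body = "\n-\n".join(f"{op}: {attr}\n{attr}: {val}" for _, (op, attr, val) in tls)
    return was_split, f"dn: cn=config\nchangetype: modify\n{body}\n"

def key_world_accessible(path):
    """True if 'others' have any permission bit on the key file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)
```

Calling merge_tls_changes(SPLIT_LDIF) reports the split and returns the combined record, which can be written to a file and passed to ldapmodify -f as in the thread.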
