Date: Thu, 16 Oct 2014 07:43:31 -0500 From: "Jay West" <jwest@ezwind.net> To: <freebsd-doc@FreeBSD.org> Subject: handbook errata? Message-ID: <000201cfe93e$cb0ffae0$612ff0a0$@ezwind.net>
next in thread | raw e-mail | index | archive | help
Not completely sure this is a documentation "error", but it's a bit unclear and will possibly lead to headscratching (in my case it did anyways.). The docs on setting up openldap: https://www.freebsd.org/doc/en/articles/ldap-auth/ldap.html It says to add the following to sldap.conf: security ssf=128 TLSCertificateFile /path/to/your/cert.crt TLSCertificateKeyFile /path/to/your/cert.key TLSCACertificateFile /path/to/your/cacert.crt Then later on the page it gives the openssl commands to create cert.crt, cert.csr, and cert.key. Note - the openssl commands given do NOT create a "cacert.crt". However, the document does mention that "cert.crt and cacert.crt are the same file". Following the instructions verbatim will lead to no cacert.crt file existing and with the suggested additions to slapd.conf above, slapd will fail to start with no errors given. I was able to find the error by running: /usr/local/libexec/slapd -d -1 -u ldap -g ldap And the output at the very end suggests it can't find "cacert.crt". To solve the problem I just changed the suggested additions to slapd.conf on the last line (TLSCACertificateFile to be /path/to/your/cert.crt instead of /path/to/your/cacert.crt). I'm not sure if the public would be better served by changing the suggested lines (last line, for TLSCA.) as I did, or by adding a note that you need to copy cert.crt to cacert.crt. Whichever would be "more correct". Thanks a *HUGE* amount for all the work you folks do on the handbook/documentation. It is all very much appreciated! Jay West, President EZwind.net 11 The Pines Court, Suite B Chesterfield, MO 63141 P: 314-781-1800 F: 314-558-9284 E: jwest@ezwind.net W: www.ezwind.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000201cfe93e$cb0ffae0$612ff0a0$>