Date: Thu, 6 May 2010 14:53:26 +0200
From: Maciej Milewski <milu@dat.pl>
To: freebsd-questions@freebsd.org
Subject: Re: LDAP and LDAPS on the same server ?
Message-ID: <201005061453.27093.milu@dat.pl>
In-Reply-To: <4BE2B2FA.1010900@esiee.fr>
References: <4BE2B2FA.1010900@esiee.fr>

On Thursday, 6 May 2010 at 14:15:54, Frank Bonnet wrote:
> Hello
>
> I actually have an Openldap directory server that runs on a FreeBSD box
> at 8.0-RELEASE amd64
>
> It runs nicely but I want to add LDAPS service on the SAME server.
>
> Is it possible ? I have generated
>
> cert.crt
> cert.csr
> cert.key
>
> as instructed in the FreeBSD howto but when I add the following
> lines in slapd.conf file it fails to restart
>
> TLSCACertificateFile /usr/local/etc/openldap/ssl/cert.crt

It is the certificate of the CA (Certificate Authority). I think it should be
different from your server certificate. If you create a self-signed certificate,
you first create your own CA and then issue a certificate for the server or clients.

> TLSCertificateFile /usr/local/etc/openldap/ssl/cert.crt
> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/cert.key
>
> in ldap.conf file I have the following
>
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> BASE dc=esiee,dc=fr
> URI ldap://ldap.esiee.fr ldaps://ldap.esiee.fr
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never

This is used for the client side, not the server side.

> What did I miss ?

slapd_flags in rc.conf?

Maciek
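
The steps the reply describes (create your own CA, then issue the server certificate from it), as an added example that is not part of the original message. The file names ca.* and server.*, the CA subject, the key sizes and lifetimes, and the listener URLs in the rc.conf line are assumptions; the directory and host name come from the quoted configuration.

```sh
#!/bin/sh
# Added example (not from the thread). File names ca.* and server.* are assumed.
set -eu
CN="ldap.esiee.fr"                  # host name from the URI line in ldap.conf

make_ca() {                         # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Private LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_server_cert() {               # $1 = directory holding ca.key and ca.crt
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$CN" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$CN" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
    chmod 600 "$1/ca.key" "$1/server.key"
}

chain_ok() {                        # $1 = trust anchor file, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

slapd_conf_fragment() {             # $1 = directory the files are installed in
    printf 'TLSCACertificateFile  %s/ca.crt\n' "$1"
    printf 'TLSCertificateFile    %s/server.crt\n' "$1"
    printf 'TLSCertificateKeyFile %s/server.key\n' "$1"
}

work=$(mktemp -d)
make_ca "$work"
issue_server_cert "$work"
if chain_ok "$work/ca.crt" "$work/server.crt"; then
    echo "server.crt verifies against ca.crt"
fi
slapd_conf_fragment /usr/local/etc/openldap/ssl
# rc.conf, so slapd listens on both ports (listener URLs are an assumption):
echo "slapd_flags='-h \"ldap:/// ldaps:///\"'"
```

Clients that connect over ldaps:// need ca.crt as their trust anchor; ca.key stays off the LDAP server.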