From: Maciej Milewski <milu@dat.pl>
To: freebsd-questions@freebsd.org
Date: Thu, 6 May 2010 14:53:26 +0200
Subject: Re: LDAP and LDAPS on the same server ?
In-Reply-To: <4BE2B2FA.1010900@esiee.fr>
Message-Id: <201005061453.27093.milu@dat.pl>

On Thursday, 6 May 2010 at 14:15:54 Frank Bonnet wrote:
> Hello
>
> I actually have an Openldap directory server that runs on a FreeBSD box
> at 8.0-RELEASE amd64
>
> It runs nicely but I want to add LDAPS service on the SAME server.
>
> Is it possible ? I have generated
>
> cert.crt
> cert.csr
> cert.key
>
> as instructed in the FreeBSD howto but when I add the following
> lines in slapd.conf file it fails to restart
>
> TLSCACertificateFile /usr/local/etc/openldap/ssl/cert.crt

It is the certificate of the CA (Certificate Authority). I think it should be different
than your server certificate. If you create a self-signed certificate you first
create your own CA and then issue certificates for the server or clients.

> TLSCertificateFile /usr/local/etc/openldap/ssl/cert.crt
> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/cert.key
>
> in ldap.conf file I have the following
>
> #
> # LDAP Defaults
> #
>
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
>
> BASE dc=esiee,dc=fr
> URI ldap://ldap.esiee.fr ldaps://ldap.esiee.fr
>
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never

This is used on the client side, not the server side.

> What did I miss ?

slapd_flags in rc.conf?

Maciek
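An added example (my own script, not code from this thread or from the OpenLDAP project) of the procedure Maciek describes: create your own CA first, then issue the server certificate from it, so that TLSCACertificateFile and TLSCertificateFile point at two different files; it also prints the matching slapd.conf directives and an rc.conf slapd_flags line that makes slapd listen on ldaps:// next to ldap://. The output directory, the host name, the CA name and the 0.0.0.0 listen addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: build a private CA and issue a
# separate server certificate from it, so TLSCACertificateFile and
# TLSCertificateFile are two different files. Directory, host name and
# CA name are assumptions chosen for illustration.
set -eu

# make_ldap_certs DIR HOST: writes ca.key, ca.crt, server.key, server.crt into DIR.
make_ldap_certs() {
    dir=$1
    host=$2
    mkdir -p "$dir"
    # 1. Private CA: self-signed, marked CA:TRUE so it may sign other certificates.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca_ext\nprompt=no\n[dn]\nCN=Example LDAP CA\n[ca_ext]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.cnf"
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Server key and CSR; the CN is the host name clients put in the ldaps:// URI.
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$host" > "$dir/server.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/server.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # 3. Sign the CSR with the CA key, adding a SAN and serverAuth usage (leaf, not CA).
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' "$host" > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 825 -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/ca.key" "$dir/server.key"   # slapd reads server.key; keep both private
}

# verify_chain DIR: the check an LDAPS client does; returns 0 if server.crt chains to ca.crt.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# print_slapd_conf DIR: the slapd.conf directives and rc.conf line that go with the files.
print_slapd_conf() {
    cat <<EOF
# slapd.conf: CA certificate and server certificate are distinct files
TLSCACertificateFile  $1/ca.crt
TLSCertificateFile    $1/server.crt
TLSCertificateKeyFile $1/server.key

# /etc/rc.conf: make slapd listen for ldaps:// as well as ldap:// (addresses are an assumption)
slapd_flags='-h "ldap://0.0.0.0/ ldaps://0.0.0.0/"'
EOF
}

if [ $# -eq 2 ]; then
    make_ldap_certs "$1" "$2" && verify_chain "$1" && print_slapd_conf "$1"
fi
```

Run it as `sh make_ldap_certs.sh /usr/local/etc/openldap/ssl ldap.example.org`; clients then need the same ca.crt (not server.crt) as their TLS_CACERT in ldap.conf.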