From: Frank Bonnet
Date: Thu, 06 May 2010 14:54:40 +0200
To: Boris Samorodov
Cc: freebsd-questions
Subject: Re: LDAP and LDAPS on the same server ?

On 05/06/10 14:34, Boris Samorodov wrote:
> On Thu, 06 May 2010 14:15:54 +0200 Frank Bonnet wrote:
>
>> I actually have an OpenLDAP directory server that runs on a FreeBSD box
>> at 8.0-RELEASE amd64
>
>> It runs nicely but I want to add LDAPS service on the SAME server.
>
>> Is it possible? I have generated
>
>> cert.crt
>> cert.csr
>> cert.key
>
>> as instructed in the FreeBSD howto but when I add the following
>> lines in slapd.conf file it fails to restart
>
>> TLSCACertificateFile /usr/local/etc/openldap/ssl/cert.crt
>> TLSCertificateFile /usr/local/etc/openldap/ssl/cert.crt
>> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/cert.key
>
>> in ldap.conf file I have the following
>
>> #
>> # LDAP Defaults
>> #
>
>> # See ldap.conf(5) for details
>> # This file should be world readable but not world writable.
>
>> BASE dc=esiee,dc=fr
>> URI ldap://ldap.esiee.fr ldaps://ldap.esiee.fr
>
>> #SIZELIMIT 12
>> #TIMELIMIT 15
>> #DEREF never
>
>> What did I miss?
>
> I'm not sure but maybe you should add the following line to
> /etc/rc.conf[.local]:
> -----
> slapd_flags='-h "ldap:/// ldaps:///"'
> -----
>
> Look at SLAPD(8C) for more details.
>

Cool! It works, thanks Boris :-)
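
The mismatch resolved in this thread (TLS directives in slapd.conf, but no ldaps:/// listener in slapd_flags) can be checked before restarting slapd. The script below is an added example, not part of the original messages; its function names are hypothetical, and the private-key permission check is an extra the thread does not discuss. It assumes rc.conf is passed as a path containing a slash.

```sh
#!/bin/sh
# Added example: cross-check slapd's listeners (rc.conf) against its TLS
# settings (slapd.conf). Function names are this example's own.

# Print the URLs passed to slapd's -h option in slapd_flags, one per line.
# rc.conf is sh syntax, so it is sourced in a subshell as the rc scripts do;
# run this only on a root-owned rc.conf, because sourcing executes the file.
slapd_listeners() (
    flags=$( . "$1" >/dev/null 2>&1; printf '%s' "$slapd_flags" )
    set -f                      # no globbing while the URL list is split
    eval "set -- $flags"        # re-split, honouring the quotes around the list
    while [ $# -gt 0 ]; do
        if [ "$1" = "-h" ] && [ $# -ge 2 ]; then printf '%s\n' $2; fi
        shift
    done
)

# Print the value of a slapd.conf directive (last occurrence wins here).
slapd_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) { v = $2 } END { print v }' "$1"
}

# Print findings; the return status is the number of problems found.
check_slapd_tls() {
    problems=0
    cert=$(slapd_directive "$2" TLSCertificateFile)
    key=$(slapd_directive "$2" TLSCertificateKeyFile)
    case "$(slapd_listeners "$1")" in
        *ldaps://*)
            if [ -z "$cert" ] || [ -z "$key" ]; then
                echo "FAIL: ldaps:// listener without TLSCertificateFile/TLSCertificateKeyFile"
                problems=$((problems + 1))
            fi ;;
        *)
            if [ -n "$cert" ]; then
                echo "WARN: TLS configured but slapd_flags starts no ldaps:// listener"
                problems=$((problems + 1))
            fi ;;
    esac
    # The private key should not be readable by group or others.
    if [ -n "$key" ] && [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "WARN: $key is readable by group or others"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Call it as `check_slapd_tls /etc/rc.conf /usr/local/etc/openldap/slapd.conf`; a status of 0 means the listener list and the TLS directives agree.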