On Wed, 19 Feb 2014 13:35:13 -0500, Tim Dunphy <[email protected]> wrote:
> Hey ldap folks!
>
> I've attempted to add TLS capabilities to my newly created LDAP server
> using the following document:
>
> http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=3
>
> This is how my cert files are looking in terms of ownership and
> permissions:
>
> [root@puppet:~] #ls -l /etc/pki/tls/*/* | grep ldap
> -r-------- 1 ldap root 1241 Feb 19 13:06 /etc/pki/tls/certs/ldap.crt
> -r-------- 1 ldap root 1021 Feb 19 13:05 /etc/pki/tls/misc/ldap.csr
> -r-------- 1 ldap root 1679 Feb 19 13:01 /etc/pki/tls/private/ldap.key
>
> I got to the point where I'm attempting to add the configuration
> parameters to my ldap setup like so:
>
> [root@puppet:~] #ldapmodify -Y EXTERNAL -H ldapi:///
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> dn: cn=config
> add: olcTLSCertificateFile
> olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt

Don't rely on third party documentation! Read the manual pages! In
particular ldapmodify(1). You are missing the changetype attribute.

[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
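Added example, not part of the original message or of OpenLDAP: a pre-flight check that an LDIF change record declares its changetype explicitly, run against the record from the quoted session and against a version with `changetype: modify`. The function names are hypothetical, the LDIF is constructed from the paths in the thread, and the `olcTLSCertificateKeyFile` entry is an assumption about the next setting to add.

```shell
#!/bin/sh
# Constructed LDIF for illustration; function names are hypothetical.

# The change record as typed in the quoted session: no changetype line.
ldif_as_posted() {
cat <<'EOF'
dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
EOF
}

# Same change with an explicit changetype. The key path comes from the quoted
# ls output; olcTLSCertificateKeyFile is assumed to be the attribute wanted next.
ldif_with_changetype() {
cat <<'EOF'
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/certs/ldap.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap.key
EOF
}

# Read LDIF on stdin and report every record whose first line after the dn
# (ignoring comments, folded, version and control lines) is not a changetype.
# Exit status is 0 only when every record declares its changetype.
lint_changetype() {
    awk '
        BEGIN { RS = ""; FS = "\n"; bad = 0 }
        {
            n = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^( |#|version:|control:)/) continue
                line[++n] = $i
            }
            if (n == 0) next
            if (line[1] !~ /^dn:/) { print "record " NR ": no dn line"; bad = 1; next }
            if (n < 2 || line[2] !~ /^changetype: *(add|delete|modify|modrdn|moddn) *$/) {
                print line[1] ": missing changetype"; bad = 1
            }
        }
        END { exit bad }
    '
}

# Apply only after the lint passes, using the invocation from the quoted session:
#   ldif_with_changetype | lint_changetype &&
#       ldif_with_changetype | ldapmodify -Y EXTERNAL -H ldapi:///
```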
