Hi, Everybody

Thanks a lot for your interest in my problem. I've fixed it. The problem was
permissions. User openldap wasn't able to read the /etc/ssl/certs directory.

Cheers

On Sun, Jan 8, 2017 at 10:20 AM, MrBiTs <[email protected]> wrote:

> Hello, all. Happy 2017
>
> From 2009 to 2012 I administered an OpenLDAP cluster using
> SSL configurations, something like this:
>
> backend hdb
> sizelimit unlimited
> allow bind_v2
> concurrency 100
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile: /etc/ssl/certs/ca_server.pem
> TLSCertificateFile: /etc/ssl/certs/ldap_server.pem
> TLSCertificateKeyFile: /etc/ssl/private/ldap_server.key
> TLSVerifyClient never
>
> access to attrs=userPassword by anonymous auth by self write by * none
> access to * by self write by * none
>
>
> loglevel 3
> # Database configuration
>
> database hdb
> suffix "dc=example,dc=com"
>
> This year I'll start to admin another cluster, now installed in Ubuntu
> 16.04 using:
>
> slapd/xenial-updates,now 2.4.42+dfsg-2ubuntu3.1 amd64 [installed]
>   OpenLDAP server (slapd)
>
> If I remove TLS directives from slapd.conf, the server runs fine but, of
> course, just using LDAP protocol without any kind of cryptography. Using
> the TLS directives, I always have the error
>
> /etc/ldap/slapd.conf: line 27: unknown directive <TLSCertificateFile:>
> outside backend info and database definitions.
>
> I did research in Google and read man 5 slapd.conf and I GUESS directives
> are in the right place in slapd.conf.
>
> Has anybody faced this error recently and can help me with some tips?
>
> Thanks in advance
>
>
>
> --
>
> LLAP
>
> .0. MrBiTs - [email protected]
> ..0 GnuPG  - http://keyserver.fug.com.br:11371/pks/lookup?op=get&search=0x6EC818FC2B3CA5AB
> 000 http://www.mrbits.com.br
>



-- 

LLAP

.0. MrBiTs - [email protected]
..0 GnuPG  -
http://keyserver.fug.com.br:11371/pks/lookup?op=get&search=0x6EC818FC2B3CA5AB
000 http://www.mrbits.com.br
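
An added example, not part of either message in this thread: a Python check covering the two things the thread shows, namely TLS keywords written with a trailing colon (as in the quoted `unknown directive <TLSCertificateFile:>` error) and whether the `openldap` account can reach the files those directives name. The function names are hypothetical, and the permission test looks at mode bits only, so ACLs and AppArmor profiles are outside its scope.

```python
import os

# slapd.conf(5) directives whose argument is a file path.
PATH_DIRECTIVES = {"tlscacertificatefile", "tlscertificatefile",
                   "tlscertificatekeyfile"}

def can_access(path, uid, gids, want):
    """Mode-bit check for a non-root uid (ACLs and capabilities are ignored)."""
    st = os.stat(path)
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def check_tls(conf_text, uid, gids):
    """Return findings for the TLS directives in a slapd.conf text."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split()
        if not parts or not parts[0].lower().startswith("tls"):
            continue
        key = parts[0]
        if key.endswith(":"):
            findings.append(f"line {n}: {key!r} has a trailing colon; slapd.conf "
                            "separates keyword and argument with whitespace")
            key = key[:-1]
        if key.lower() not in PATH_DIRECTIVES or len(parts) < 2:
            continue
        path = os.path.abspath(parts[1])
        chain, d = [], os.path.dirname(path)
        while d not in chain:            # collect every parent up to "/"
            chain.append(d)
            d = os.path.dirname(d)
        for d in reversed(chain):        # each parent needs search (x) permission
            if not os.path.isdir(d) or not can_access(d, uid, gids, 1):
                findings.append(f"line {n}: uid {uid} cannot traverse {d}")
                break
        else:                            # all parents fine: the file needs read (r)
            if not os.path.isfile(path) or not can_access(path, uid, gids, 4):
                findings.append(f"line {n}: uid {uid} cannot read {path}")
    return findings

if __name__ == "__main__":
    import pwd, sys
    user = pwd.getpwnam("openldap")      # service account named in the thread
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    with open(sys.argv[1]) as fh:
        print("\n".join(check_tls(fh.read(), user.pw_uid, gids)) or "no findings")
```

Run it as root with the path to slapd.conf as the only argument, so that every directory on the way to the certificate files can be inspected.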
