On Mon, Nov 30, 2020 at 9:09 AM Ryan Tandy <[email protected]> wrote:
> The openldap packages in Ubuntu use GnuTLS as the TLS library, not
> OpenSSL. Therefore the value of olcTLSCipherSuite has to be a GnuTLS
> priority string, not an OpenSSL cipher list.

Confirmed. This was indeed the problem. Thank you!

On Mon, Nov 30, 2020 at 9:09 AM Ryan Tandy <[email protected]> wrote:
>
> On Fri, Nov 27, 2020 at 01:58:36PM -0800, Benjamin Schneider wrote:
> >Hi all, I'm running version 2.4.49 on Ubuntu 20.04. I've been unable to add
> >the olcTLSCipherSuite configuration attribute.
> >
> ># ldapmodify -H ldapi:// -Y EXTERNAL -f set-ciphersuite.ldif
> >
> >returns:
> >
> >SASL/EXTERNAL authentication started
> >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> >SASL SSF: 0
> >modifying entry "cn=config"
> >ldap_modify: Other (e.g., implementation specific) error (80)
> >
> >set-ciphersuite.ldif contains the following:
> >
> >dn: cn=config
> >changetype: modify
> >add: olcTLSCipherSuite
> >olcTLSCipherSuite: ALL
>
> The openldap packages in Ubuntu use GnuTLS as the TLS library, not
> OpenSSL. Therefore the value of olcTLSCipherSuite has to be a GnuTLS
> priority string, not an OpenSSL cipher list.
>
> https://gnutls.org/manual/html_node/Priority-Strings.html
>
> You might also be interested in olcTLSProtocolMin.
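As an added illustration (not part of the thread above), the following script builds the LDIF the way a GnuTLS-linked slapd expects it: olcTLSCipherSuite carries a GnuTLS priority string instead of an OpenSSL list like "ALL", and olcTLSProtocolMin is set alongside it. The priority string, the `replace` operations and the gnutls-cli check are assumptions chosen for the example; the check only runs if the gnutls-bin tools are installed.

```shell
#!/bin/sh
# Added example: generate, optionally validate, and apply an olcTLSCipherSuite
# change for an OpenLDAP server whose TLS backend is GnuTLS (Ubuntu packaging).
set -eu

# Assumed value: a GnuTLS priority string (keywords joined by ':'), NOT an
# OpenSSL cipher list. Restricts to strong suites and TLS 1.2/1.3 only.
PRIORITY="SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3"
# olcTLSProtocolMin uses SSL-style major.minor numbering: 3.3 means TLS 1.2.
PROTOCOL_MIN="3.3"

# Write the cn=config modify LDIF. "replace" (rather than "add") keeps the
# file idempotent when the attributes already exist.
write_ldif() {
    cat >"$1" <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCipherSuite
olcTLSCipherSuite: $PRIORITY
-
replace: olcTLSProtocolMin
olcTLSProtocolMin: $PROTOCOL_MIN
EOF
}

# Ask GnuTLS itself to parse the priority string and list the suites it
# enables. Returns 0 when at least one suite is enabled, 1 when GnuTLS
# rejects the string or nothing is enabled, 2 when gnutls-cli is missing.
check_priority() {
    command -v gnutls-cli >/dev/null 2>&1 || return 2
    gnutls-cli -l --priority "$1" 2>/dev/null | grep -q 'TLS_' || return 1
    return 0
}

# Apply over the local ldapi socket with SASL/EXTERNAL (as in the thread),
# then read the live values back so a rejected change is visible at once.
apply_ldif() {
    ldapmodify -H ldapi:/// -Y EXTERNAL -Q -f "$1"
    ldapsearch -H ldapi:/// -Y EXTERNAL -Q -LLL -b cn=config -s base \
        olcTLSCipherSuite olcTLSProtocolMin
}

# Only touch the server when explicitly asked: ./set-ciphersuite.sh apply
if [ "${1:-}" = "apply" ]; then
    write_ldif set-ciphersuite.ldif
    if check_priority "$PRIORITY"; then :; elif [ $? -eq 1 ]; then
        echo "GnuTLS rejected priority string: $PRIORITY" >&2; exit 1
    fi
    apply_ldif set-ciphersuite.ldif
fi
```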
