Hi Quanah

Thanks for the recommendation. I'm confused, then, that the official 
openldap.org documentation at https://www.openldap.org/doc/admin26/tls.html 
does NOT suggest use of cn=config. Can someone explain why?

Thanks
tl



-----Original Message-----
From: Quanah Gibson-Mount <qua...@fast-mail.org> 
Sent: Monday, May 15, 2023 2:00 PM
To: Lemons, Terry
Cc: openldap-technical@openldap.org
Subject: RE: Debugging TLS negotiation failure



--On Monday, May 15, 2023 6:25 PM +0000 "Lemons, Terry" 
<terry.lem...@dell.com> wrote:

> So, have most/all of my TLS problems been because I'm not using the 
> correct command to start slapd?
>
> Here is the command I've been using:
>
> /usr/local/libexec/slapd -F /usr/local/etc/slapd.d -s 1 -h "ldap:/// 
> ldaps:///"
>
> What command should I use if I want slapd to read the TLS values from 
> /usr/local/etc/openldap/slapd.conf?


slapd.conf is the historic method of configuring OpenLDAP.  General best advice 
these days is to use cn=config.  I would suggest you familiarize yourself with 
how to use cn=config rather than change to using slapd.conf.

--Quanah
