search for: tlscacertificatefile

...the various cert/key files into my slapd.conf file like this: LBSD2# cat slapd.conf | grep -i tls ## TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/cacerts/bsd2.summitnjhome.com.crt TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt Slapd restarts cleanly! LBSD2# /usr/local/etc/rc.d/slapd restart Stopping slapd. Waiting for PIDS: 81924. Starting slapd. Then I attempt to setup a virtual instance of CentOS 5.5 on the client side and that's where things fall apart...I attem...

Hi everybody I have setting my ldap server. But I created an certificate with the following command: cd /usr/share/ssl/certs; make ldap.pem Then edit slapd.conf file a insert the following lines: TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem I restart the service. Then, I run the comando authconfig and I select ldap with tls. I review the logs ldap server a thrown the following: Mar 5 11:54:38 eucalipto sl...

...conf like so: [root at LBSD2:/usr/home/bluethundr]#grep -i tls /usr/local/etc/openldap/slapd.conf## TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/cacerts/LBSD2.summitnjhome.com.crt TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt I have tried each of the following certs with no luck in getting my cert to talk to it's CA: -rw-r--r-- 1 root bluethundr 2604 Nov 25 11:37 ca_bundle.crt -r--r----- 1 root ldap 4604 Nov 24 18:57 gd_bundle.crt -r--r----- 1 root ldap...

Hello, I have also installed LE certs. But nothing helps, I have double-checking all certs. ldapsearch with -ZZ works see: https://gwarband.de/openldap/ldapsearch.log I have also uploaded the TLSCACertificateFile, maybe I have a failure in the merge of the two fiels: https://gwarband.de/openldap/LetsEncrypt.crt And also I have uploaded my complete openldap configuration: https://gwarband.de/openldap/openldap.conf All other components can work and communicate with my openldap server. The components are po...

...at gwarband.de wrote: >> Hello, >> >> I have also installed LE certs. >> But nothing helps, I have double-checking all certs. >> >> ldapsearch with -ZZ works see: >> https://gwarband.de/openldap/ldapsearch.log >> >> I have also uploaded the TLSCACertificateFile, maybe I have a failure >> in >> the merge of the two fiels: >> https://gwarband.de/openldap/LetsEncrypt.crt >> >> And also I have uploaded my complete openldap configuration: >> https://gwarband.de/openldap/openldap.conf >> >> All other components...

...ll.la # The next three lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. #TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt #TLSCertificateFile /usr/share/ssl/certs/slapd.pem #TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem TLSCACertificateFile /usr/share/ssl/certs/cacert.pem TLSCertificateFile /usr/share/ssl/certs/slapdcrt.pem TLSCertificateKeyFile /usr/share/ssl/certs/slapdkey.p...

...t;>> I have also installed LE certs. >>>> But nothing helps, I have double-checking all certs. >>>> >>>> ldapsearch with -ZZ works see: >>>> https://gwarband.de/openldap/ldapsearch.log >>>> >>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>> failure in >>>> the merge of the two fiels: >>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>> >>>> And also I have uploaded my complete openldap configuration: >>>> https://gwarband.de/openldap/openl...

...ot;--with-ssl" option? It's said no. ############################################## LDAP CONF: -------------------------- ######################## # certificats et clefs TLSCertificateKeyFile /opt/openldap/pem/ldapuckey.pem TLSCertificateFile /opt/openldap/pem/ldapcert.pem TLSCACertificateFile /opt/openldap/pem/demoCA/cacert.pem ############################################## SMB CONF: -------------------------- # LDAP: ldap server = obiwan ldap port = 389 ldap suffix = "ou=samba, dc=obiwan,dc=fr" # LDAP SSL: ldap ssl = no # Root LDAP ldap admin dn...

...the root DSE (DSA [Directory System Agent] Specific Entry) access to dn.base="" by self write by * auth access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read by anonymous auth security tls=1 TLSCACertificateFile /etc/openldap/ca.crt TLSCertificateFile /etc/openldap/server.crt TLSCertificateKeyFile /etc/openldap/server.key TLSVerifyClient demand /etc/ldap.conf *********** uri ldap://yyyy.com host yyyy.com port 389 ssl start_tls tls_reqcert demand tls_checkpeer yes tls_cert /etc/openldap/server.crt tls_key...

...or) ldapsam_setsampwent: LDAP search failed: Connect error nss_ldap and pam_ldap both work well using TLS. For your information, here is ma configuration concerning TLS in: slapd.conf --> TLSCertificateFile /usr/local/etc/openldap/ldap.cert TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key TLSCACertificateFile /usr/local/etc/openldap/ca.cert ldap.conf --> BASE dc=domain, dc=com URI ldap://server.domain.com TLS_CACERT /usr/local/etc/openldap/ca.cert smb.conf --> ldap passwd sync = yes passdb backend = ldapsam:ldap://server.domain.com guest ldap machine suffix = ou=Computers,dc=domain,dc=com...

...gt;>>>> But nothing helps, I have double-checking all certs. >>>>>> >>>>>> ldapsearch with -ZZ works see: >>>>>> https://gwarband.de/openldap/ldapsearch.log >>>>>> >>>>>> I have also uploaded the TLSCACertificateFile, maybe I have a >>>>>> failure in >>>>>> the merge of the two fiels: >>>>>> https://gwarband.de/openldap/LetsEncrypt.crt >>>>>> >>>>>> And also I have uploaded my complete openldap configuration: >>>...

...ent. Tomas On 03/18/2017 09:41 AM, info at gwarband.de wrote: > Hello, > > I have also installed LE certs. > But nothing helps, I have double-checking all certs. > > ldapsearch with -ZZ works see: https://gwarband.de/openldap/ldapsearch.log > > I have also uploaded the TLSCACertificateFile, maybe I have a failure in > the merge of the two fiels: > https://gwarband.de/openldap/LetsEncrypt.crt > > And also I have uploaded my complete openldap configuration: > https://gwarband.de/openldap/openldap.conf > > All other components can work and communicate with my open...

...ema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args TLSCACertificateFile /etc/pki/tls/certs/hypothalamus.cer TLSCertificateFile /etc/pki/tls/certs/brain-new.cer TLSCertificateKeyFile /etc/pki/tls/private/privkey.pem TLSCRLCheck none database bdb suffix "dc=som,dc=com" rootdn "cn=Manager,dc=som,dc=com" rootpw <pass...

Hi, sorry for the stupid question, but however i am following all howtos and tutorials it is not working 1) i have created CA certificate - /etc/pki/tls/misc/CA -newca 2) i have generated a new request - /etc/pki/tls/misc/CA -newreq 3) i have signed certificate /etc/pki/tls/misc/CA -signreq SO i have CA in /etc/pki/CA i have newkey.pem i have newcert.pem i have also cealrkey.pem (without

...gt; Hello, >>> >>> I have also installed LE certs. >>> But nothing helps, I have double-checking all certs. >>> >>> ldapsearch with -ZZ works see: >>> https://gwarband.de/openldap/ldapsearch.log >>> >>> I have also uploaded the TLSCACertificateFile, maybe I have a failure in >>> the merge of the two fiels: >>> https://gwarband.de/openldap/LetsEncrypt.crt >>> >>> And also I have uploaded my complete openldap configuration: >>> https://gwarband.de/openldap/openldap.conf >>> >>> All...

.../etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/qmail.schema include /etc/openldap/schema/samba.schema allow bind_v2 pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt TLSCertificateFile /etc/pki/tls/certs/slapd.pem TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem database bdb ... directory /var/lib/ldap index objectClass eq index uid eq index cn eq,pres i...

Hello guys, actually I'm trying to configure dovecot to access openldap for passwordcheck. My openldap is only allow access over "secure ldap". The dovecot can communicate with the openldap server but there is maybe a failure in the sslhandshake. Additional information you can find in the logs or in the dump below. Also I have my ldap config from dovecot in the links below. I

...de /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema allow bind_v2 passwd-hash {SSHA] pidfile /var/run/slapd.pid TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /var/ssl/cacert.pem TLSCertificateFile /var/ssl/ldapcrt.pem TLSCertificateKeyFile /var/ssl/ldapkey.pem TLSVerifyClient 0 security ssf=1 update_ssf=112 simple_bind=64 access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword by dn="cn=Manager,dc=soil,dc=ncsu,dc=edu" wr...

...d argsfile /var/run/slapd/slapd.args loglevel conns stats filter idletimeout 30 modulepath /usr/lib/ldap moduleload back_hdb moduleload syncprov sizelimit unlimited tool-threads 1 TLSCertificateFile /etc/ssl/certs/srv3cert.pem TLSCertificateKeyFile /etc/ssl/private/srv3key.pem TLSCACertificateFile /etc/ssl/certs/cacert.pem TLSVerifyClient never ####################################################################### # Specific Backend Directives for hdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend hdb database h...

...;access to * by * read") # # rootdn can always read and write EVERYTHING! # equivalent to TLS_CACERT TLSCertificateFile /etc/ssl/ldapcert.pem # selbst-signiertes Zertifikat # equivalent to TLS_KEY TLSCertificateKeyFile /etc/ssl/ldapkey.pem # privater Schluessel # equivalent to TLS_CERT TLSCACertificateFile /etc/ssl/demoCA/cacert.pem # Certificate Authority # this is equivalent to TLS_REQCERT #TLSVerifyClient allow #TLSVerifyClient try #TLSVerifyClient demand #Verfahrensweise TLSCipherSuite HIGH:MEDIUM:+SSLv2 ###########################################################...