Well, I all of a sudden made progress. While tailing the syslog file I saw an apparmor error preventing slapd from reading the cert files, even though the permissions on the cert files should have allowed it. This seems to be a common issue, although some people report that they were able to get around it by setting file permissions. I was not. I tried to add a recursive read rule to /etc/apparmor.d/local/usr.sbin.slapd but that still showed the read error (probably because I do not understand apparmor). I added each cert file, and it can now read them. So the ldapmodify command succeeds.
Now the issue I am working on is getting Apache Directory Server to work. I can create the connection, test the auth (which works), and retrieve the base dn. But, once I complete the connection and actually try to connect, it hangs.
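The AppArmor step described above, as an added example that is not part of the original post: it takes the `apparmor="DENIED"` lines that `tail -f /var/log/syslog` shows for the slapd profile and prints one per-file rule for each, which is the least-privilege form the post ended up using in /etc/apparmor.d/local/usr.sbin.slapd. The log lines and certificate paths are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Converts AppArmor "DENIED" log
# lines for one profile into the "path mask," rule lines for a local override.

# Constructed sample of what the syslog shows when AppArmor blocks slapd from
# opening the TLS files (file names are made up); the ntpd line is noise that
# must be ignored because it belongs to a different profile.
SAMPLE_LOG='kernel: audit: type=1400 audit(1700000000.001:10): apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/etc/ssl/certs/ldap-server.crt" pid=1234 comm="slapd" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
kernel: audit: type=1400 audit(1700000000.002:11): apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/etc/ssl/private/ldap-server.key" pid=1234 comm="slapd" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
kernel: audit: type=1400 audit(1700000000.003:12): apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/etc/ssl/certs/ldap-server.crt" pid=1234 comm="slapd" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
kernel: audit: type=1400 audit(1700000000.004:13): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf" pid=999 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# Print one AppArmor rule per distinct (path, denied mask) for the given
# profile. Reads log text on stdin. Usage: denials_to_rules /usr/sbin/slapd
denials_to_rules() {
    profile="$1"
    grep 'apparmor="DENIED"' \
    | grep "profile=\"$profile\"" \
    | sed -n 's/.*name="\([^"]*\)".*denied_mask="\([^"]*\)".*/\1 \2,/p' \
    | sort -u
}

# Stand-alone run over the constructed sample; prints the two cert-file rules
# and nothing for ntpd.
printf '%s\n' "$SAMPLE_LOG" | denials_to_rules /usr/sbin/slapd
```

Append the printed lines to /etc/apparmor.d/local/usr.sbin.slapd and reload the profile with `apparmor_parser -r /etc/apparmor.d/usr.sbin.slapd`, then re-check the syslog for further DENIED lines.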
OpenLDAP & TLS