problems with LDAP TLS and nss_ldap on 5.2.1
mkes at ra.rockwell.com
Tue Jun 8 04:26:15 PDT 2004
I have upgraded our LDAP server to 5.2.1-RELEASE running openldap-2.1.30
server/client + pam_ldap-1.6.9 + nss_ldap-1.204_5. The previous
configuration (openldap20-2.0.25_4 + nss_ldap-1.204_1 + pam_ldap-1.6.1)
was running OK on FreeBSD 5.1R.
After the upgrade I have two major problems.
1) I'm not able to make the LDAP server work with TLS.
The previous installation worked fine, but I hadn't properly backed up the TLS
certificates and had to generate them again using the approach described
at http://www.openldap.org/faq/data/cache/185.html
As soon as I add these TLS options to the slapd.conf:
# TLS options for slapd
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/servercrt.pem
... running "/etc/rc.d/slapd start" doesn't even start the server but
doesn't complain either. So I have no clue what's going wrong and right
now I have to run the server without TLS.
2) The second problem is with nss_ldap.
I have installed the server first, loaded data to the directory, tried
some searches etc. Everything worked OK (except for the TLS). Normally, the
startup of the server takes about 1 second. As soon as I install nss_ldap
(in the very moment I run make install on that port) the startup time of
the ldap server slows down to 30+ seconds and I also experienced cases
when it didn't start at all. If I deinstall the nss_ldap the server
startup is quick again.
Any ideas about what could be wrong in either case would be really welcome.
Thanks
Mira
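For the first problem, a pre-start check that an editor would add here (example code, not from the poster or from the OpenLDAP project): before starting slapd, verify that the three files named in the TLS directives are readable, actually contain what slapd expects (a certificate in the CA and server files, a private key in the key file), and that the key is not pass-phrase protected. A daemon started from an rc script has no terminal on which OpenSSL could ask for the pass phrase, so an encrypted key produces exactly the "doesn't start, doesn't complain" symptom. The function and message names are this example's own; the paths in the comment are the ones from the posted slapd.conf fragment, and the PEM files used to exercise it are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Pre-start sanity check for the slapd TLS files referenced from slapd.conf.
# Added example; not from the original post or the OpenLDAP project.
# Intended invocation, using the paths from the posted slapd.conf fragment:
#   sh check_slapd_tls.sh /usr/local/etc/openldap/cacert.pem \
#       /usr/local/etc/openldap/servercrt.pem /usr/local/etc/openldap/servercrt.pem

# pem_has 'TYPE|TYPE' FILE -> 0 when FILE holds a "-----BEGIN TYPE-----" line
pem_has() {
    grep -q -E -e "^-----BEGIN ($1)-----" "$2" 2>/dev/null
}

# key_is_encrypted FILE -> 0 when the PEM key needs a pass phrase, either the
# legacy "Proc-Type: 4,ENCRYPTED" header or a PKCS#8 encrypted block.
# slapd would block asking for the pass phrase on a terminal it does not have.
key_is_encrypted() {
    grep -q -E -e '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        "$1" 2>/dev/null
}

# check_tls_files CACERT CERT KEY
# Returns 0 when every file is readable, both certificate files carry a
# certificate, and the key file carries an unencrypted private key
# (the key may live in the same file as the certificate, as in the post).
# Prints one line per problem found.
check_tls_files() {
    ca=$1
    crt=$2
    key=$3
    rc=0
    for f in "$ca" "$crt" "$key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return "$rc"
    pem_has 'CERTIFICATE' "$ca"  || { echo "no certificate in $ca"; rc=1; }
    pem_has 'CERTIFICATE' "$crt" || { echo "no certificate in $crt"; rc=1; }
    pem_has 'RSA PRIVATE KEY|EC PRIVATE KEY|ENCRYPTED PRIVATE KEY|PRIVATE KEY' "$key" \
        || { echo "no private key in $key (is the key in a separate file?)"; rc=1; }
    if key_is_encrypted "$key"; then
        echo "private key in $key is pass-phrase protected; slapd will hang waiting for it"
        rc=1
    fi
    return "$rc"
}

# Run the check only when invoked with the three paths on the command line.
if [ "$#" -eq 3 ]; then
    check_tls_files "$1" "$2" "$3"
fi
```

Run it as the user slapd runs as if the rc script drops privileges, since `-r` is evaluated for the caller. If the files pass, start the daemon in the foreground with `slapd -d 1 -f /usr/local/etc/openldap/slapd.conf` so that TLS initialisation errors, which the rc script swallows, show up on the terminal. Two caveats: the `+SSLv2` in the posted TLSCipherSuite string only moves SSLv2 ciphers to the end of the list (it does not disable them) and is best dropped altogether; and for the second problem, the first thing to rule out is that slapd's own startup resolves user or group names through nss_ldap while the directory is not yet listening, since a stall that appears the moment nss_ldap is installed and vanishes when it is removed is consistent with that.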