openldap and letsencrypt
Norman.Gray at glasgow.ac.uk
Mon Nov 4 19:25:11 UTC 2019
On 4 Nov 2019, at 17:59, Jerry wrote:
> I can get it up and running, but no one can connect to it. Did you
> make any changes to the rc.conf entries? Mine are as shown in the rc.d
> 'slapd' script:
> # Slapd
> slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/
> I have to figure out how to turn on logging. I am working on that now.
Things to try:
* check olcSecurity and olcLocalSSF in your cn=config configuration
(see snippet from my config below).
* set olcLogLevel in the same stanza (see Sect. 22.214.171.124 of
https://www.openldap.org/doc/admin24/slapdconfig.htm); set this in
slapd.ldif or dynamically using ldapmodify; setting this to -1 produces
_lots_ of logging data to /var/log/debug.log
* Even if you plan to support only StartTLS, configure the server to
support LDAPS during testing, because then...
* ...you can try connecting to the server with `openssl s_client
-connect ldap.example.com:636 -showcerts </dev/null` to see chatter
Certificate problems are rather hard to track down, in my experience,
because errors here tend to appear in the logs (even with olcLogLevel =
-1) as not much more than 'no!'.
# Set the nominal security factor of local connections.
# This has to be higher than olcSecurity.
# TLS setup.
# See OpenLDAP manual Chapter 16 for documentation of the following.
Norman Gray : https://nxg.me.uk
SUPA School of Physics and Astronomy, University of Glasgow, UK
More information about the freebsd-questions