

OpenLDAP

ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config

ldapmodify -QY EXTERNAL -H ldapi:/// -f tls-config.ldif

I followed this tutorial to generate the certificate files and the configuration, but the client still could not connect. So I started slapd in debug mode with the following command:

/usr/sbin/slapd -d 1 -h "ldap:/// ldapi:/// ldaps:///" -g openldap -u openldap -F /etc/ldap/slapd.d
The following error messages appeared:
56f10002 slap_listener_activate(10):
56f10002 >>> slap_listener(ldaps://)
56f10002 connection_get(19): got connid=1001
56f10002 connection_read(19): checking for input on id=1001
TLS: can't accept: Could not negotiate a supported cipher suite..
56f10002 connection_read(19): TLS accept failure error=-1 id=1001, closing
56f10002 connection_close: conn=1001 sd=19
In the end I found that, for slapd on Ubuntu 14.04, the approach from this tutorial works: import the certificate file settings with the LDIF below.
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/rootca.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
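
As an added check that is not part of the original page, the following shell script verifies the three files before they are handed to slapd, since a certificate or key that slapd cannot load is what typically produces the "Could not negotiate a supported cipher suite" error shown above. It assumes the paths from the LDIF, the openldap user from the slapd command, and that openssl(1) is installed; the script name check_slapd_tls.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the three files that
# the LDIF above hands to slapd before running ldapmodify. Ubuntu's GnuTLS-built
# slapd typically reports an unloadable certificate or a key that does not match
# it as "Could not negotiate a supported cipher suite", the message in the debug
# output above. Assumes openssl(1) is installed and that slapd runs as the
# "openldap" user given to slapd's -u/-g options above.

# check_tls_files CA_FILE CERT_FILE KEY_FILE
# Returns 0 when every file is readable, the server certificate chains to the
# CA, the private key matches the certificate and the key is not
# world-readable; prints one line per problem and returns 1 otherwise.
check_tls_files() {
    ca="$1"; cert="$2"; key="$3"; rc=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return "$rc"

    # olcTLSCertificateFile must chain to olcTLSCACertificateFile.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "$cert does not verify against $ca"; rc=1; }

    # The public key inside the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match $cert"; rc=1
    fi

    # Only slapd's user should read the private key (e.g. 0600, or 0640 owned by
    # root:openldap); any read bit for "other" is a finding.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        *[4-7]) echo "$key is world-readable (mode $mode)"; rc=1 ;;
    esac
    return "$rc"
}

# With exactly three arguments, check those paths, e.g. the ones from the LDIF:
#   sudo -u openldap sh check_slapd_tls.sh /etc/ldap/ssl/rootca.crt \
#       /etc/ldap/ssl/ldap.crt /etc/ldap/ssl/ldap.key
# Running as the openldap user proves the files are readable by slapd itself.
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
    exit "$?"
fi
```

Run it as the openldap user rather than root, because root passes the readability test for any file.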

Batch script for generating the certificate files