Skip to content

Instantly share code, notes, and snippets.

@ndlrx
Last active Dec 28, 2020
Embed
What would you like to do?
OpenLDAP Error TLS: ldap_modify: Other (e.g., implementation specific) error (80)

I got an error when importing the TLS key and certificate on OpenLDAP CentOS 7.

Below is my cers.ldif configuration:

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.server.hakase.io.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.server.hakase.io.key

The command to import:

[root@hakase-ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f ~/certs.ldif                                                                                                                                           

The result I get:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

To solve this error, I just need to reordered the key first, and then the certificate.

So below the configuration.

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.server.hakase.io.key

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.server.hakase.io.cer

Import again with the command on top and below is my results.

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

modifying entry "cn=config"

Solved.

ndlr.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment