@ndlrx
Last active December 28, 2020 07:55
OpenLDAP Error TLS: ldap_modify: Other (e.g., implementation specific) error (80)

I got an error when importing the TLS key and certificate into OpenLDAP on CentOS 7.

Below is my certs.ldif configuration:

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.server.hakase.io.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.server.hakase.io.key

The command to import:

[root@hakase-ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f ~/certs.ldif

The result I get:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

To solve this error, I just needed to reorder the entries: the key first, and then the certificate.

So below is the configuration.

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.server.hakase.io.key

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.server.hakase.io.cer

Import again with the command above; below are my results.

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

modifying entry "cn=config"

Solved.

ndlr.
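
A pre-flight check for the import described above, as an added example that is not part of the original gist: it confirms the key file is readable and not world-readable, that the key and certificate carry the same public key, and then prints the LDIF with the key entry first. The function names and the script name `tls-preflight.sh` are assumptions; it needs `openssl` and `find`.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# key_is_private FILE: succeed if FILE is readable by the current user
# and its world-read permission bit is not set.
key_is_private() {
    [ -r "$1" ] || return 1
    [ -z "$(find "$1" -prune -perm -004)" ]
}

# key_matches_cert KEY CERT: succeed if the private key and the
# certificate contain the same public key (PEM files assumed).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# tls_ldif KEY CERT: print two change records for cn=config, key file
# first and certificate file second (the order that worked above).
tls_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $1

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: $2
EOF
}

# Usage: sh tls-preflight.sh KEY CERT > certs.ldif
if [ "$#" -eq 2 ]; then
    key_is_private "$1" || { echo "key unreadable or world-readable: $1" >&2; exit 1; }
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; exit 1; }
    tls_ldif "$1" "$2"
fi
```

The generated file is then imported with the same `ldapmodify -Y EXTERNAL -H ldapi:/// -f` command shown earlier.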
