Date: Tue, 8 Jun 2004 13:26:58 +0200 From: mkes@ra.rockwell.com To: freebsd-questions@FreeBSD.org Subject: problems with LDAP TLS and nss_ldap on 5.2.1 Message-ID: <OF5D751513.CDC52A44-ONC1256EAD.003B47C5@ra.rockwell.com>
next in thread | raw e-mail | index | archive | help
I have upgraded our LDAP server to 5.2.1Release running openldap-2.1.30 server/client + pam_ldap-1.6.9 + nss_ldap-1.204_5. The previous configuration (openldap20-2.0.25_4 + nss_ldap-1.204_1 + pam_ldap-1.6.1) was runing OK on FreeBSD 5.1R After the upgrade I have 2 major problems. 1) I'm not able to make the ldap server to work with TLS. The previous installation worked fine but I haven't properly backed up TLS certificates and I had to generate them again using the approach described at http://www.openldap.org/faq/data/cache/185.html As soon as I add these TLS options to the slapd.conf: # TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/local/etc/openldap/cacert.pem TLSCertificateFile /usr/local/etc/openldap/servercrt.pem TLSCertificateKeyFile /usr/local/etc/openldap/servercrt.pem ... running "/etc/rc.d/slapd start" doesn't even start the server but doesn't complain either. So I have no clue what's going wrong and right now I have to run the server without TLS. 2) The second problem is with nss_ldap. I have installed the server first, loaded data to the directory, tried some searches etc. Everything worked OK (except for the TLS). Nomaly, the startup of the server takes about 1 second. As soon as I install nss_ldap (in the very moment I run make install on that port) the startup time of the ldap server slows down to 30+ seconds and I also experienced cases when it didn't start at all. If I deinstall the nss_ldap the server startup is quick again. Any ideas of what can be wrong in either case would be really welcome. Thanks Mira
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF5D751513.CDC52A44-ONC1256EAD.003B47C5>