Re: SSL certificate install

Thu, 14 Dec 2023 01:17:06 -0800

Syntax error? Open your file with vi and do a "set: list" and you will see additional blanks and tabstops. 

Am 13.12.23 um 14:28 schrieb Jean-Luc Chandezon:


You are missing "changetype: modify"

this is how it should look
-------------
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /opt/symas/etc/openldap/example-net-cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /opt/symas/etc/openldap/example-net-key.pem
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /opt/symas/etc/openldap/cacert.pem

-------------
Stefan



Thank you Stefan!
Sorry for the mistake due to last changes.

Our ldf file content is:

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/LEXP_Infra_CA1.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/annuaire.lexp.fr.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/annuaire.lexp.fr.pem


with the request:
ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/01-SSL.ldif

  
result:

modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

Any idea?

Please find log content bellow

023-12-13T14:26:31.500282+01:00 bea-chicago slapd[63531]: #011#011one value, 
length 33
2023-12-13T14:26:31.500380+01:00 bea-chicago slapd[63531]: #011add: 
olcTLSCertificateKeyFile
2023-12-13T14:26:31.500452+01:00 bea-chicago slapd[63531]: #011#011one value, 
length 37
2023-12-13T14:26:31.500528+01:00 bea-chicago slapd[63531]: #011add: 
olcTLSCertificateFile
2023-12-13T14:26:31.500603+01:00 bea-chicago slapd[63531]: #011#011one value, 
length 35
2023-12-13T14:26:31.500676+01:00 bea-chicago slapd[63531]: conn=1007 op=1 MOD 
dn="cn=config"
2023-12-13T14:26:31.500748+01:00 bea-chicago slapd[63531]: conn=1007 op=1 MOD 
attr=olcTLSCACertificateFile olcTLSCertificateKeyFile olcTLSCertificateFile
2023-12-13T14:26:31.500823+01:00 bea-chicago slapd[63531]: => access_allowed: 
result not in cache (olcTLSCACertificateFile)
2023-12-13T14:26:31.500884+01:00 bea-chicago slapd[63531]: => access_allowed: add access to 
"cn=config" "olcTLSCACertificateFile" requested
2023-12-13T14:26:31.500960+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr 
olcTLSCACertificateFile
2023-12-13T14:26:31.501039+01:00 bea-chicago slapd[63531]: => acl_mask: access to entry 
"cn=config", attr "olcTLSCACertificateFile" requested
2023-12-13T14:26:31.501110+01:00 bea-chicago slapd[63531]: => acl_mask: to value by 
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
2023-12-13T14:26:31.501191+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: 
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2023-12-13T14:26:31.501270+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] 
applying manage(=mwrscxd) (stop)
2023-12-13T14:26:31.501338+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] 
mask: manage(=mwrscxd)
2023-12-13T14:26:31.501394+01:00 bea-chicago slapd[63531]: => 
slap_access_allowed: add access granted by manage(=mwrscxd)
2023-12-13T14:26:31.501477+01:00 bea-chicago slapd[63531]: => access_allowed: 
add access granted by manage(=mwrscxd)
2023-12-13T14:26:31.501563+01:00 bea-chicago slapd[63531]: => access_allowed: 
result not in cache (olcTLSCertificateKeyFile)
2023-12-13T14:26:31.501638+01:00 bea-chicago slapd[63531]: => access_allowed: add access to 
"cn=config" "olcTLSCertificateKeyFile" requested
2023-12-13T14:26:31.501710+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr 
olcTLSCertificateKeyFile
2023-12-13T14:26:31.501797+01:00 bea-chicago slapd[63531]: => acl_mask: access to entry 
"cn=config", attr "olcTLSCertificateKeyFile" requested
2023-12-13T14:26:31.501877+01:00 bea-chicago slapd[63531]: => acl_mask: to value by 
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
2023-12-13T14:26:31.501965+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: 
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2023-12-13T14:26:31.502028+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] 
applying manage(=mwrscxd) (stop)
2023-12-13T14:26:31.502087+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] 
mask: manage(=mwrscxd)
2023-12-13T14:26:31.502151+01:00 bea-chicago slapd[63531]: => 
slap_access_allowed: add access granted by manage(=mwrscxd)
2023-12-13T14:26:31.502210+01:00 bea-chicago slapd[63531]: => access_allowed: 
add access granted by manage(=mwrscxd)
2023-12-13T14:26:31.502271+01:00 bea-chicago slapd[63531]: => access_allowed: 
result not in cache (olcTLSCertificateFile)
2023-12-13T14:26:31.502344+01:00 bea-chicago slapd[63531]: => access_allowed: add access to 
"cn=config" "olcTLSCertificateFile" requested
2023-12-13T14:26:31.502420+01:00 bea-chicago slapd[63531]: => acl_get: [1] attr 
olcTLSCertificateFile
2023-12-13T14:26:31.502483+01:00 bea-chicago slapd[63531]: => acl_mask: access to entry 
"cn=config", attr "olcTLSCertificateFile" requested
2023-12-13T14:26:31.502559+01:00 bea-chicago slapd[63531]: => acl_mask: to value by 
"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", (=0)
2023-12-13T14:26:31.502621+01:00 bea-chicago slapd[63531]: <= check a_dn_pat: 
gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
2023-12-13T14:26:31.502680+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] 
applying manage(=mwrscxd) (stop)
2023-12-13T14:26:31.502751+01:00 bea-chicago slapd[63531]: <= acl_mask: [1] 
mask: manage(=mwrscxd)
2023-12-13T14:26:31.502813+01:00 bea-chicago slapd[63531]: => 
slap_access_allowed: add access granted by manage(=mwrscxd)
2023-12-13T14:26:31.502867+01:00 bea-chicago slapd[63531]: => access_allowed: 
add access granted by manage(=mwrscxd)
2023-12-13T14:26:31.502928+01:00 bea-chicago slapd[63531]: slap_get_csn: 
conn=1007 op=1 generated new csn=20231213132631.497094Z#000000#000#000000 
manage=1
2023-12-13T14:26:31.502991+01:00 bea-chicago slapd[63531]: slap_queue_csn: 
queueing 0x7f57e0000bd0 20231213132631.497094Z#000000#000#000000
2023-12-13T14:26:31.503060+01:00 bea-chicago slapd[63531]: oc_check_required entry 
(cn=config), objectClass "olcGlobal"
2023-12-13T14:26:31.503136+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"objectClass"
2023-12-13T14:26:31.503222+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"cn"
2023-12-13T14:26:31.503286+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcArgsFile"
2023-12-13T14:26:31.503353+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcLogLevel"
2023-12-13T14:26:31.503434+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcPidFile"
2023-12-13T14:26:31.503498+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcToolThreads"
2023-12-13T14:26:31.503558+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"structuralObjectClass"
2023-12-13T14:26:31.503622+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"entryUUID"
2023-12-13T14:26:31.503673+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"creatorsName"
2023-12-13T14:26:31.503753+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"createTimestamp"
2023-12-13T14:26:31.503830+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcTLSCACertificateFile"
2023-12-13T14:26:31.503912+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcTLSCertificateKeyFile"
2023-12-13T14:26:31.503982+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"olcTLSCertificateFile"
2023-12-13T14:26:31.504056+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"entryCSN"
2023-12-13T14:26:31.504121+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"modifiersName"
2023-12-13T14:26:31.504183+01:00 bea-chicago slapd[63531]: oc_check_allowed type 
"modifyTimestamp"
2023-12-13T14:26:31.504246+01:00 bea-chicago slapd[63531]: daemon: activity on 
1 descriptor
2023-12-13T14:26:31.504301+01:00 bea-chicago slapd[63531]: daemon: activity on:
2023-12-13T14:26:31.504366+01:00 bea-chicago slapd[63531]:
2023-12-13T14:26:31.504420+01:00 bea-chicago slapd[63531]: send_ldap_result: 
conn=1007 op=1 p=3
2023-12-13T14:26:31.504491+01:00 bea-chicago slapd[63531]: send_ldap_result: err=80 
matched="" text=""
2023-12-13T14:26:31.504557+01:00 bea-chicago slapd[63531]: send_ldap_response: 
msgid=2 tag=103 err=80


--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn



Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre 
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter 
https://www.dgn.de/dgncert/index.html

Download der root-Zertifikate: https://www.dgn.de/dgncert/downloads.html

Neuer GPG-Key der public key befindet sich im Anhang





Attachment:
smime.p7s

Description: Kryptografische S/MIME-Signatur






















					Reply via email to