Hi, I've followed the steps you've followed to generate the certificates and was unable to reproduce your problem:
[EMAIL PROTECTED]:~$ ldapsearch -x -H ldaps:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

On Fri, Sep 05, 2008 at 02:33:03AM -0000, Dragomir Minkovski wrote:
> # Configuration files:
>
> # /home/ubuntu/.ldaprc
>
> TLS_CACERT /root/ca.crt
> TLS_CERT /home/ubuntu/client.crt
> TLS_KEY /home/ubuntu/client.key
>
> # /etc/ldap/slapd.conf
>
> TLSCACertificateFile /root/ca.crt
> TLSCertificateFile /root/server.crt
> TLSCertificateKeyFile /root/server.key

Could you use /etc/ssl/certs/ for ca.crt and server.crt and /etc/ssl/private/ for server.key instead?

Also make sure that the permissions are set correctly on the files:

[EMAIL PROTECTED]:~$ ls -l /etc/ssl/certs/*crt
-rw-r--r-- 1 root root 1424 2008-09-05 17:16 /etc/ssl/certs/ca.crt
-rw-r--r-- 1 root root 1159 2008-09-05 17:16 /etc/ssl/certs/server.crt
[EMAIL PROTECTED]:~$ sudo ls -l /etc/ssl/private/
total 8
-rw-r----- 1 root ssl-cert 1675 2008-09-05 17:16 server.key

Don't forget to add the openldap user to the ssl-cert group.

Could you also update the .ldaprc file to reference /etc/ssl/certs/ca.crt rather than /root/ca.crt?

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

-- 
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
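The following is an added example, not part of the original message: a shell check for the key layout the reply describes, where the private key must be readable by the slapd service account through group membership and must not be world-readable. The function names `perm_verdict` and `check_key` are hypothetical, the numeric IDs in the sample calls are constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Requires GNU stat (stat -c).

# perm_verdict MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints one word:
#   exposed    - any "other" permission bit is set on the key
#   ok         - the user can read the key via owner or group bits
#   unreadable - the user cannot read the key
perm_verdict() {
    m=$((0$1)); fuid=$2; fgid=$3; uuid=$4; ugids=$5
    if [ $(( m & 0007 )) -ne 0 ]; then
        echo exposed; return 0
    fi
    if [ "$uuid" -eq 0 ]; then      # root bypasses the mode bits
        echo ok; return 0
    fi
    bit=0
    if [ "$uuid" -eq "$fuid" ]; then
        bit=$(( m & 0400 ))         # owner class: only the owner read bit counts
    else
        for g in $ugids; do         # group class: user must hold the file's gid
            if [ "$g" -eq "$fgid" ]; then bit=$(( m & 0040 )); fi
        done
    fi
    if [ "$bit" -ne 0 ]; then echo ok; else echo unreadable; fi
}

# check_key KEYFILE USER: same verdict, read from the live system.
check_key() {
    st=$(stat -c '%a %u %g' "$1") || return 2
    uid=$(id -u "$2") || return 2
    # $st is left unquoted on purpose: it splits into mode, uid, gid
    perm_verdict $st "$uid" "$(id -G "$2")"
}

# Constructed sample: key is 0640 root(0):ssl-cert(110), service uid is 105.
perm_verdict 640 0 110 105 "105 110"   # service account is in ssl-cert
perm_verdict 640 0 110 105 "105"       # service account not yet in ssl-cert
```

On a real host the equivalent call is `check_key /etc/ssl/private/server.key openldap`, run with enough privilege to stat the key.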