Hello
When I use the following directive in ldapd.conf:
1)
...
listen on em0 ldaps
...
or
...
listen on em0 tls
...
and the certificate (em0.crt) and key (em0.key) files are in
/etc/ldap/certs,
then "ldapd -n" shows OK.
When I use:
2)
...
listen on em0 ldaps certificate "/etc/ldap/certs/em0.crt"
or
listen on em0 ldaps certificate "/etc/ldap/certs/em0"
...
or
...
listen on em0 tls certificate "/etc/ldap/certs/em0.crt"
or
listen on em0 tls certificate "/etc/ldap/certs/em0"
...
then "ldapd -n" shows the following:
"/etc/ldapd.conf:10: cannot load certificate: /etc/ldap/certs/em0.crt
/etc/ldapd.conf:11: cannot load certificate: /etc/ldap/certs/em0.crt"
or
"/etc/ldapd.conf:10: cannot load certificate: /etc/ldap/certs/em0
/etc/ldapd.conf:11: cannot load certificate: /etc/ldap/certs/em0"
man ldapd.conf says:
"If no certificate name is specified, the /etc/ldap/certs directory is
searched for a file named by joining the interface name with a
.crt extension, e.g. /etc/ldap/certs/fxp0.crt."
This works OK.
But the following:
"If the certificate name is an absolute path, a .crt and .key
extension are appended to form the certificate path and key path
respectively."
This part does not seem to work at all.
It neither tries to find the certificate using the absolute path, nor
tries to append a .crt or .key extension to the absolute path when no
extension is given in the config.
Or am I doing it completely wrong?
--
Maksim Rodin
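The following is an added example, not part of the post above and not code from OpenBSD's ldapd. It reproduces the certificate and key path resolution that the quoted ldapd.conf(5) text describes for "listen on IFACE ldaps|tls [certificate NAME]" and checks, before running "ldapd -n", whether the resulting files are readable. The LDAPD_CERTDIR variable is an assumed override used only for testing; ldapd itself always looks in /etc/ldap/certs. Relative certificate names are not covered by the quoted manual text, so the script refuses them rather than guessing.

```shell
#!/bin/sh
# Added example (not from the original post or from OpenBSD ldapd):
# resolve the certificate/key paths the way ldapd.conf(5) documents and
# check that they exist and are readable.
# LDAPD_CERTDIR is an assumed testing hook; ldapd uses /etc/ldap/certs.

# Print the path base (without extension) that the documented rules produce.
ldapd_cert_base() {
    iface=$1
    name=$2
    certdir=${LDAPD_CERTDIR:-/etc/ldap/certs}
    case "$name" in
        "")
            # No certificate name: <certdir>/<iface>.crt and .key are used.
            printf '%s/%s\n' "$certdir" "$iface"
            ;;
        /*)
            # Absolute path: ldapd appends .crt and .key itself, so a name
            # that already ends in .crt would be looked up as NAME.crt.crt.
            case "$name" in
                *.crt|*.key)
                    echo "warning: '$name' already has an extension; ldapd.conf(5) appends .crt/.key, giving ${name}.crt" >&2
                    ;;
            esac
            printf '%s\n' "$name"
            ;;
        *)
            # Relative names are not covered by the quoted manual text.
            echo "error: relative certificate name not handled: $name" >&2
            return 1
            ;;
    esac
}

ldapd_cert_path() {
    base=$(ldapd_cert_base "$@") || return 1
    printf '%s.crt\n' "$base"
}

ldapd_key_path() {
    base=$(ldapd_cert_base "$@") || return 1
    printf '%s.key\n' "$base"
}

# Return 0 only when both the resolved certificate and key are readable.
ldapd_cert_check() {
    crt=$(ldapd_cert_path "$@") || return 1
    key=$(ldapd_key_path "$@") || return 1
    rc=0
    for f in "$crt" "$key"; do
        if [ -r "$f" ]; then
            echo "found: $f"
        else
            echo "cannot read: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Optional: confirm the key belongs to the certificate by comparing the
# public keys (works for RSA and EC keys; requires openssl).
ldapd_cert_keymatch() {
    crt=$(ldapd_cert_path "$@") || return 1
    key=$(ldapd_key_path "$@") || return 1
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ]
}

# Usage, mirroring the two configurations in the post:
#   ldapd_cert_check em0                      # listen on em0 ldaps
#   ldapd_cert_check em0 /etc/ldap/certs/em0  # ... certificate "/etc/ldap/certs/em0"
```

Running the second form with a name that already carries a .crt extension makes the script warn and resolve to "/etc/ldap/certs/em0.crt.crt", which is what the documented append rule implies; it does not reproduce the "cannot load certificate" failure from the post, which is a question about ldapd's actual behaviour rather than the manual text.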