[Linux] Error when applying a certificate (TLS/SSL) to OpenLDAP


Error when applying SSL (certificate) settings to OpenLDAP

Create certs.ldif

$ vim certs.ldif
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/sangchul_kr_cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/sangchul_kr_key.pem

Error

ldap_modify: Other (e.g., implementation specific) error (80)

$ ldapmodify -Y EXTERNAL -H ldapi:/// -vvv -f certs.ldif
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
replace olcTLSCertificateFile:
	/etc/openldap/certs/sangchul_kr_cert.pem
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

To resolve the problem, change the order of the two modifications: replace the key file first, then the certificate file. slapd re-initializes its TLS context whenever these attributes change; when the certificate is replaced first it is paired with the previously configured key (or none at all), the pair fails validation, and ldapmodify is returned error 80.

Order: key file (olcTLSCertificateKeyFile), then certificate file (olcTLSCertificateFile)

Edit certs.ldif

$ vim certs.ldif
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/sangchul_kr_key.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/sangchul_kr_cert.pem

$ ldapmodify -Y EXTERNAL -H ldapi:/// -vvv -f certs.ldif
ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
replace olcTLSCertificateKeyFile:
	/etc/openldap/certs/sangchul_kr_key.pem
modifying entry "cn=config"
modify complete

replace olcTLSCertificateFile:
	/etc/openldap/certs/sangchul_kr_cert.pem
modifying entry "cn=config"
modify complete
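The following is an added example, not code from the original post: a small Python script that takes a certs.ldif like the one above, merges the cn=config TLS replace operations into a single modify record with the operations sorted so that olcTLSCertificateKeyFile is applied before olcTLSCertificateFile, and lists any referenced certificate or key files that do not exist on disk (a missing or unreadable file produces the same error 80 as a mismatched pair). The sample LDIF embedded in the script is a constructed copy of the post's first (failing) version; the file paths are the post's own and will normally not exist on a machine other than the author's. The LDIF parser handles only the simple change records used here, not base64 (`::`) values.

```python
"""Reorder cn=config TLS modifications so the key file is applied before
the certificate file, the order slapd accepted in the post above.

Added example, not from the original post. Handles only simple LDIF
change records (dn / changetype: modify / replace: <attr> / <attr>: <value>,
records separated by blank lines); base64 ('::') values are not decoded.
"""
import os

# Constructed sample: the post's first certs.ldif, with the certificate
# replaced before the key, which slapd rejected with error 80.
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/sangchul_kr_cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/sangchul_kr_key.pem
"""

# Attributes slapd validates together when it rebuilds its TLS context.
# Lower rank is applied first: CA, then private key, then certificate.
TLS_ATTR_ORDER = {
    "olcTLSCACertificateFile": 0,
    "olcTLSCertificateKeyFile": 1,
    "olcTLSCertificateFile": 2,
}


def parse_ldif_records(text):
    """Split LDIF text into records, each a list of (attr, value) pairs.

    Folded continuation lines (leading space) are joined to the previous
    line; comment lines and a leading 'version:' line are skipped.
    """
    records, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:
            attr, value = current[-1]
            current[-1] = (attr, value + raw[1:])
            continue
        if raw.strip() == "":
            if current:
                records.append(current)
                current = []
            continue
        if raw.startswith("#") or raw.startswith("version:"):
            continue
        attr, _, value = raw.partition(":")
        current.append((attr.strip(), value.strip()))
    return records


def reorder_tls_modifications(text):
    """Merge TLS 'replace' records on cn=config into one modify record whose
    operations are sorted by TLS_ATTR_ORDER; other records pass through."""
    tls_ops, others = [], []
    for rec in parse_ldif_records(text):
        attrs = dict(rec)
        is_tls = (
            attrs.get("dn", "").lower() == "cn=config"
            and attrs.get("changetype") == "modify"
            and attrs.get("replace") in TLS_ATTR_ORDER
        )
        if is_tls:
            name = attrs["replace"]
            tls_ops.append((TLS_ATTR_ORDER[name], name, attrs[name]))
        else:
            others.append(rec)
    tls_ops.sort()

    out = []
    if tls_ops:
        out.extend(["dn: cn=config", "changetype: modify"])
        for _, name, value in tls_ops:
            # Each mod-spec in an LDIF modify record is terminated by "-".
            out.extend([f"replace: {name}", f"{name}: {value}", "-"])
        out.append("")
    for rec in others:
        out.extend(f"{a}: {v}" for a, v in rec)
        out.append("")
    return "\n".join(out)


def tls_file_paths(text):
    """Return the file paths referenced by TLS attributes, in LDIF order."""
    return [v for rec in parse_ldif_records(text)
            for a, v in rec if a in TLS_ATTR_ORDER]


def missing_tls_files(text):
    """Paths named in the LDIF that do not exist as regular files."""
    return [p for p in tls_file_paths(text) if not os.path.isfile(p)]


if __name__ == "__main__":
    fixed = reorder_tls_modifications(SAMPLE_LDIF)
    print(fixed)
    for path in missing_tls_files(fixed):
        print(f"warning: {path} does not exist; slapd will fail to load it")
```

Run the script and feed its output to `ldapmodify -Y EXTERNAL -H ldapi:///` as in the post; since both replaces are in one record, either both are applied or the whole change is rejected. Checking file existence only catches the missing-file case: the key must also be readable by the account slapd runs as, and the certificate must actually match the key, which is what slapd verifies when it rebuilds its TLS context.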