Samba HowTo Guide


The most common error when configuring TLS, as I have already mentioned numerous times, is that the Common Name (CN) you entered in the section called “Generating the Server Certificate” is NOT the Fully Qualified Domain Name (FQDN) of your LDAP server.

Other errors could be that you have a typo somewhere in your ldapsearch command, or that you have the wrong permissions on the servercrt.pem and cacert.pem files. They should be set with chmod 640, as per the section called “Installing the Certificates”.
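A small script that checks both conditions described above: the certificate CN against the server's FQDN, and mode 640 on the two certificate files. It is an added example, not part of the original guide; the function names are made up here, the file paths are supplied by the caller, and GNU stat (as found on Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the guide): check CN == FQDN and file mode 640.

# Extract the CN from a line printed by `openssl x509 -noout -subject`.
# Handles both "subject= /C=ZA/CN=host" and "subject=C = ZA, CN = host".
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Succeed only if the CN equals the FQDN (host names are case-insensitive).
cn_matches_fqdn() {
    _cn=$(subject_cn "$1" | tr 'A-Z' 'a-z')
    _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$_cn" ] && [ "$_cn" = "$_host" ]
}

# Succeed only if the file exists and its mode is exactly 640.
mode_is_640() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "640" ]
}

# Usage: check_ldap_tls <servercrt.pem> <cacert.pem> [fqdn]
# The FQDN defaults to `hostname -f`. Returns 0 only if every check passes.
check_ldap_tls() {
    server_cert=$1
    ca_cert=$2
    want=${3:-$(hostname -f)}
    rc=0
    subject=$(openssl x509 -in "$server_cert" -noout -subject) || return 2
    if cn_matches_fqdn "$subject" "$want"; then
        echo "OK   CN matches $want"
    else
        echo "FAIL CN '$(subject_cn "$subject")' is not the FQDN '$want'"
        rc=1
    fi
    for f in "$server_cert" "$ca_cert"; do
        if mode_is_640 "$f"; then
            echo "OK   $f is mode 640"
        else
            echo "FAIL $f is missing or not mode 640"
            rc=1
        fi
    done
    return $rc
}

# Run the checks only when the script is given the two file paths.
if [ "$#" -ge 2 ]; then check_ldap_tls "$@"; fi
```

Run it as root on the LDAP server with the paths to your own servercrt.pem and cacert.pem; a FAIL line names which of the two mistakes applies.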

For anything else, it's best to read through your LDAP log file or join the OpenLDAP mailing list.

[8] We could, however, get our generated server certificate signed by proper CAs, like Thawte and VeriSign, which you pay for, or the free ones, via CAcert.

[9] The downside to making our own CA is that the certificate is not automatically recognized by clients, like the commercial ones are.

[10] For information straight from the horse's mouth, please visit the main OpenSSL site.

[11] Your or might not be in the same location as mine is, you can find it by using the locate command, i.e., locate . If the command complains about the database being too old, run updatedb as root to update it.

[12] See man ldapsearch

Published under the terms of the GNU General Public License