Samba HowTo Guide

Troubleshooting

The most common error when configuring TLS, as I have already mentioned numerous times, is that the Common Name (CN) you entered in the section called “Generating the Server Certificate” is NOT the Fully Qualified Domain Name (FQDN) of your LDAP server.

Other errors could be that you have a typo somewhere in your ldapsearch command, or that you have the wrong permissions on the servercrt.pem and cacert.pem files. They should be set with chmod 640, as per the section called “Installing the Certificates”.

For anything else, it's best to read through your LDAP log file or join the OpenLDAP mailing list.
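The two faults named above (a CN that is not the server's FQDN, and certificate files that are not mode 640) can be checked with a short script. This is an added example, not part of the original guide; the function names are hypothetical, it assumes openssl and GNU stat are installed, and it compares only the subject CN, as the guide does.

```bash
#!/bin/sh
# Added example, not from the guide. Host name, paths and subject lines are
# supplied by the caller; ldap.example.com in the usage line is a placeholder.

# Print the CN from a line produced by `openssl x509 -noout -subject`.
# Handles the old "/C=ZA/CN=host" layout and the newer "C = ZA, CN = host".
cn_from_subject() {
    printf '%s\n' "$1" |
        sed -n 's|^.*[/ ,=]CN *= *\([^,/]*\).*$|\1|p' | sed 's| *$||'
}

# Succeed when the certificate CN equals the FQDN (DNS names ignore case).
cn_matches_fqdn() {   # $1 = subject line, $2 = server FQDN
    [ -n "$(cn_from_subject "$1")" ] &&
        [ "$(cn_from_subject "$1" | tr 'A-Z' 'a-z')" = \
          "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# Succeed when the file mode is exactly 640 (GNU stat, as found on Linux).
mode_is_640() {   # $1 = path
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "640" ]
}

# Run both checks; returns 0 if clean, 1 on a finding, 2 if openssl fails.
check_ldap_tls() {   # $1 = FQDN, $2 = server certificate, $3 = CA certificate
    rc=0
    subject=$(openssl x509 -in "$2" -noout -subject) || return 2
    if ! cn_matches_fqdn "$subject" "$1"; then
        echo "FAIL: CN '$(cn_from_subject "$subject")' is not '$1'" >&2
        rc=1
    fi
    for f in "$2" "$3"; do
        if ! mode_is_640 "$f"; then
            echo "FAIL: $f is not mode 640" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_ldap_tls.sh ldap.example.com servercrt.pem cacert.pem
if [ "$#" -eq 3 ]; then
    check_ldap_tls "$@"
fi
```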



[8] We could, however, get our generated server certificate signed by proper CAs, like Thawte and VeriSign, which you pay for, or by the free ones, via CAcert.

[9] The downside to making our own CA is that the certificate is not automatically recognized by clients, like the commercial ones are.

[10] For information straight from the horse's mouth, please visit the main OpenSSL site: https://www.openssl.org/docs/HOWTO/

[11] Your CA.pl or CA.sh might not be in the same location as mine is; you can find it by using the locate command, i.e., locate CA.pl. If the command complains about the database being too old, run updatedb as root to update it.

[12] See man ldapsearch

Published under the terms of the GNU General Public License. Design by Interspire