OpenLdap TLS authentication setup
These are SINGLE-VALUE. Use replace instead of add.
Also note, changes in the attributes may require a restart of slapd. (Not everything is as run-time configurable as we'd like.)
Your schema is probably:
attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
A little explanation: ldapmodify add causes slapd to make sure you aren't putting in the attribute value pair twice by doing an equality match. From what I can tell it should be using 2.5.13.6 NAME 'caseExactOrderingMatch', but I'm not sure I've ever tried an add for these attributes. This behavior might be completely normal.
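The replace form suggested in the answer above, written out as an added example that is not part of the original answer. The certificate and key paths and the file name tls-replace.ldif are placeholders, and the entry is assumed to be cn=config:

```ldif
# Constructed example: the certificate and key paths are placeholders.
# Apply over the local socket as root, for example:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f tls-replace.ldif
dn: cn=config
changetype: modify
# "replace" sets the single value whether or not one is already present,
# so it does not trip the duplicate-value check that "add" performs.
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/tls/server.crt
-
# The "-" separator keeps both changes in one modify request.
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/tls/server.key
```

Keep the key file readable only by the account slapd runs as, and restart slapd afterwards if the new values do not take effect.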