Bug 166462

Summary: OpenLDAP TLS configuration could be easier
Product: [Fedora] Fedora Reporter: W. Michael Petullo <redhat>
Component: openldapAssignee: Jay Fenlason <fenlason>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jfeeney
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-22 17:59:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description W. Michael Petullo 2005-08-22 00:00:44 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.11) Gecko/20050815 Epiphany/1.7.4

Description of problem:
The OpenLDAP package requires OpenSSL but could make configuring a TLS server easier.

First, slapd.conf contains:

# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

This should be:

# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

Second, Apache's mod_ssl package creates a TLS certificate when it is installed.  Should OpenLDAP do the same?  Should the OpenLDAP provide a TLS-protected service out of the box?

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See description.  

Additional info:
Comment 1 Jay Fenlason 2005-08-22 17:59:30 UTC 

*** This bug has been marked as a duplicate of 143394 ***
Comment 2 Jay Fenlason 2005-08-22 18:08:57 UTC 
Whoops  Wrong bug number.  Must be monday. . . 

*** This bug has been marked as a duplicate of 143393 ***