Bug 166462 - OpenLDAP TLS configuration could be easier
OpenLDAP TLS configuration could be easier
Status: CLOSED DUPLICATE of bug 143393
Product: Fedora
Classification: Fedora
Component: openldap (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jay Fenlason
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2005-08-21 20:00 EDT by W. Michael Petullo
Modified: 2014-08-31 19:27 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-22 13:59:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2005-08-21 20:00:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.11) Gecko/20050815 Epiphany/1.7.4

Description of problem:
The OpenLDAP package requires OpenSSL but could make configuring a TLS server easier.

First, slapd.conf contains:

# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

This should be:

# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

Second, Apache's mod_ssl package creates a TLS certificate when it is installed.  Should OpenLDAP do the same?  Should the OpenLDAP provide a TLS-protected service out of the box?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
See description.  

Additional info:
Comment 1 Jay Fenlason 2005-08-22 13:59:30 EDT

*** This bug has been marked as a duplicate of 143394 ***
Comment 2 Jay Fenlason 2005-08-22 14:08:57 EDT
Whoops  Wrong bug number.  Must be monday. . . 

*** This bug has been marked as a duplicate of 143393 ***

Note You need to log in before you can comment on or make changes to this bug.