How to make slapd reveal details about "ldap_modify: Other (e.g., implementation specific) error (80)"
by berndbausch from LinuxQuestions.org on (#4X5WB)
I am trying to install an LDAP server on CentOS 7 and am running around in circles trying to set up TLS.
I get the dreaded ldap_modify: Other (e.g., implementation specific) error (80) when telling slapd the locations of self-signed certificate and key files:
Code:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f changes-certs.ldif
SASL/EXTERNAL authentication started
...
ldap_modify: Other (e.g., implementation specific) error (80)
# cat changes-ldif
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

The certificate and key files exist, have the right permissions and SELinux context. The certificate looks good to me.
I ran slapd on the command line with -d Config. It complains thusly:
Code:
TLS: could not use key file `/tmp/openldap-tlsmc-certs--F8C50339EE66BF94A92085EB3C98BCBF7C96EFB3D73305F3E1D0E10C352F6E2A/key.pem'.
TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch x509_cmp.c:341

I have no idea what this /tmp/...key.pem is. It's definitely not the key I generated (it only has 1024 bits, to begin with).
EDIT: It has something to do with MozNSS compatibility. Not that this makes me any wiser.
So, what is slapd complaining about?
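
Added example, not part of the original post: the `X509_check_private_key` message above is what OpenSSL reports when a key file's public half differs from the public key inside the certificate it is paired with. The script below runs that same comparison with the `openssl` command line and prints the key size; the function names and the constructed sample files (`pair.crt`, `pair.key`, `other.key`) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; file and function names are assumptions, not from the post.

# tls_pair_matches CERT KEY
# Returns 0 when the key's public half equals the certificate's public key,
# 1 when they differ ("key values mismatch"), 2 when a file cannot be parsed.
tls_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # An empty -passin password makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_bits KEY: print the private key size in bits.
key_bits() {
    openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# pair_status CERT KEY: print match, mismatch or unreadable.
pair_status() {
    rc=0
    tls_pair_matches "$1" "$2" || rc=$?
    case $rc in
        0) echo match ;;
        1) echo mismatch ;;
        *) echo unreadable ;;
    esac
}

# make_sample DIR: constructed input, a self-signed certificate with its key
# (pair.crt, pair.key) plus an unrelated key (other.key).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/pair.key" -out "$1/pair.crt" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1
}

# Demo on constructed files; for real use pass the two paths named in the LDIF.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" && {
    echo "pair.key  ($(key_bits "$demo_dir/pair.key") bit): $(pair_status "$demo_dir/pair.crt" "$demo_dir/pair.key")"
    echo "other.key ($(key_bits "$demo_dir/other.key") bit): $(pair_status "$demo_dir/pair.crt" "$demo_dir/other.key")"
}
rm -rf "$demo_dir"
```

Running `pair_status` once against the configured key and once against the `/tmp/openldap-tlsmc-certs--…/key.pem` file named in the log shows which of the two key files slapd's complaint actually applies to.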

