Configure OpenLDAP SSL

To configure SSL on OpenLDAP using the cn=config style of configuration:

Create the TLS private key and certificate:

# certtool --generate-privkey --outfile ldap.gnutls.key
# certtool --generate-certificate --load-privkey ldap.gnutls.key --outfile ldap.gnutls.crt --load-ca-certificate /etc/ssl/demoCA/ca.crt --load-ca-privkey /etc/ssl/demoCA/ca.key
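
Create a file olcSSL.ldif with the TLS settings. The paths must point to where the CA certificate, server certificate and private key are installed, and the files must be readable by the account slapd runs as:

dn: cn=config
changetype: modify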
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/server-intermediate.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/server-key.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/server-cert.pem

Then apply it to the server:

# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcSSL.ldif
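
A preflight check to run before the ldapmodify step above (an added example, not part of the original page; the names ldif_value and check_tls_ldif are made up for illustration). It reads the three TLS paths from olcSSL.ldif, confirms each file is readable, and rejects a private key that other users can access. Run it as the account slapd runs as, so the readability test reflects what the server will see.

```shell
#!/bin/sh
# Added example: preflight check for olcSSL.ldif before running ldapmodify.
# ldif_value and check_tls_ldif are illustrative names, not OpenLDAP tools.

# Print the first value of attribute $2 found in LDIF file $1.
ldif_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 only if all three TLS attributes are set, every file they name
# is readable by the current user, and the key is closed to "other" users.
check_tls_ldif() {
    rc=0
    for attr in olcTLSCACertificateFile olcTLSCertificateFile \
                olcTLSCertificateKeyFile; do
        f=$(ldif_value "$1" "$attr")
        if [ -z "$f" ]; then
            echo "MISSING $attr is not set in $1"; rc=1; continue
        fi
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $attr: $f"; rc=1; continue
        fi
        if [ "$attr" = olcTLSCertificateKeyFile ]; then
            # Columns 8-10 of the ls mode string are the "other" bits;
            # -L follows symlinks so the real key file is inspected.
            other=$(ls -ldL "$f" | cut -c8-10)
            if [ "$other" != "---" ]; then
                echo "KEY-PERMS $f is open to other users ($other)"; rc=1
                continue
            fi
        fi
        echo "OK $attr: $f"
    done
    return "$rc"
}

# When run as a script, check the LDIF given as the first argument.
[ $# -eq 0 ] || check_tls_ldif "$1"
```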
