[SAC] [OSGeo] #2295: Replace ldaps STAR cert with letsencrypt or single cert
OSGeo
trac_osgeo at osgeo.org
Fri Apr 26 20:26:13 PDT 2019
#2295: Replace ldaps STAR cert with letsencrypt or single cert
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2019-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------
Comment (by robe):
I got as far as creating an ssl.ldif that has this in it:
{{{
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/certs/osgeo.org/privkey.pem
-
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/osgeo.org/chain.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/osgeo.org/cert.pem
}}}
And then trying to install with this (note I'm doing this on a replica of
secure, not on secure directly yet):
{{{
SLAPD_SERVICES="ldaps://ldap.osgeo.org"
ldapmodify -W -D "cn=Manager,dc=osgeo,dc=org" -H ldaps://ldap.osgeo.org -f ssl.ldif
}}}
and it prompted me for a password, which I found in the root/access list
for phpldap.
But I got this error:
{{{
modifying entry "cn=config"
ldap_modify: Insufficient access (50)
}}}
If I type in the wrong password I do get an invalid password, so I have the
right password for this account, but this one appears to not have enough
privilege to edit the configs.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2295#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
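
A pre-flight lint for the change record in the comment above, as an added example (not part of the ticket or of OSGeo's tooling): it parses the LDIF modify record, confirms that each of the three TLS attributes is replaced with exactly one value, and flags a key file that is missing or world-readable. The function names are hypothetical, and it assumes a single record with no folded lines.

```python
import os
import stat

# The change record from the ticket, embedded as sample input.
SSL_LDIF = """\
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/certs/osgeo.org/privkey.pem
-
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/osgeo.org/chain.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/osgeo.org/cert.pem
"""
KEY, CA, CERT = ("olcTLSCertificateKeyFile", "olcTLSCACertificateFile",
                 "olcTLSCertificateFile")

def parse_modify(ldif):
    """Parse one unfolded LDIF modify record into (dn, {attr: [values]})."""
    lines = [l.rstrip() for l in ldif.splitlines() if l.strip()]
    if len(lines) < 2 or not lines[0].startswith("dn: ") or lines[1] != "changetype: modify":
        raise ValueError("expected 'dn:' then 'changetype: modify'")
    changes, attr = {}, None
    for line in lines[2:]:
        name, _, value = line.partition(": ")
        if line == "-":                 # separator closes the current operation
            attr = None
        elif attr is None and name == "replace":
            attr = value                # values for this attribute follow
        elif name == attr:
            changes.setdefault(attr, []).append(value)
        else:
            raise ValueError(f"unexpected line {line!r} (missing '-' separator?)")
    return lines[0][4:], changes

def lint_tls_change(ldif, check_files=True):
    """Return a list of problems in a TLS change record aimed at cn=config."""
    dn, changes = parse_modify(ldif)
    problems = [] if dn == "cn=config" else [f"target is {dn!r}, not cn=config"]
    for attr in (KEY, CA, CERT):
        values = changes.get(attr, [])
        if len(values) != 1:
            problems.append(f"{attr}: expected one value, found {len(values)}")
        elif check_files and not os.path.isfile(values[0]):
            problems.append(f"{attr}: {values[0]} does not exist")
        elif check_files and attr == KEY and os.stat(values[0]).st_mode & stat.S_IROTH:
            problems.append(f"{attr}: {values[0]} is world-readable")
    return problems
```

Run `lint_tls_change(open("ssl.ldif").read())` on the host where slapd runs, so the file checks see the same paths the server will read.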