OpenLDAP Server Module Issues

Webmin
Jaret
2012-12-02
2013-05-22
  • Jaret
    Jaret
    2012-12-02

    In the OpenLDAP module under OpenLDAP Server Configuration there is an issue with the 'Generate SSL Certificate' creation button. The problem is that this form of generation does not support the creation of a certificate correctly. When the certificate is created there should also be a key, but it doesn't do this and can be reproduced in Unix and Linux operating systems so this isn't an operating system specific issue, but simply an issue with key and certificate creation.

    Another issue that exists is that there is a problem with how the OpenLDAP Server Configuration produces the slapd.conf configuration file layout when selecting the 'Access control options' within the OpenLDAP Server Configuration. When the options are chosen and configuration is applied, it puts this information below the database section which is incorrect. Instead, these options should be placed before the database section. If these options are not moved above the database section, the daemon fails to start.

    Finally for the FreeBSD operating system there could be an addition to point to the 'OpenLDAP database directory' which resides in /var/db/openldap-data and the DB_CONFIG file needs to be copied from the /usr/local/etc/openldap/examples/DB_CONFIG.example file into the ldap-data directory with ldap:ldap permissions.

    If anyone is interested in this too, there is another slight issue about OpenLDAP outside of Webmin itself. Although this page is specific to the FreeBSD operating system, you may be interested in what is described there to get OpenLDAP to work. The same problem has been well documented over the internet regarding a ctx -1 error. If you encounter this problem you may find the following link useful:

    http://freebsd.1045724.n5.nabble.com/ports-159398-openssl-slapd-tls-init-def-ctx-failed-1-td4660567.html

    I hope this is helpful in contributing to the development of Webmin. Thank you all for your hard work and I will be making future posts regarding improvements or bugs I may find.