CJLinst

Q: El Capitan  + Server 5.0.15 No LDAP SSL TLS Certificate

After upgrading to El Capitan and Server 5.0.15, slapd no longer offers LDAP services over port 636/SSL nor will it accept STARTTLS on 389.

 

Nov  3 10:44:25 server slapd[50620]: conn=5945 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"

 

The "unsupported operation" is STARTTLS.

 

I have a valid startssl certificate that's working fine on other services and is selected for Open Directory but slapd refuses to use it and enable SSL or TLS.

 

This broke LDAP authentication from my FreeNAS which requires SSL/TLS for authentication services.

 

Anyone else seeing this or have a solution?

Posted on Nov 3, 2015 11:36 AM

Close

Q: El Capitan  + Server 5.0.15 No LDAP SSL TLS Certificate

  • All replies
  • Helpful answers

Previous Page 2
  • by CJLinst,

    CJLinst CJLinst Nov 4, 2015 1:10 PM in response to Blaidd Drwg
    Level 1 (0 points)
    Nov 4, 2015 1:10 PM in response to Blaidd Drwg

    Thanks.  It wouldn't let me change that either. Whenever it prompted me for the admin password to change the key access list, it would log this: "Authorization via securityd no longer supported"

     

    I blew the server out and reinstalled El Cap + Server 5.0.15 fresh last night. It took the cert. I'll never know what was really wrong but that server was hosed. One too many upgrades I guess.

Previous Page 2