# [solved] LDAP ldap_start_tls error

## decrease789

I tried to manage my secure LDAP server using phpldapadmin and I got the following error:

 *Quote:*   

> Error
> 
> Could not start TLS. Please check your LDAP server configuration. 

 

I then proceeded to try TLS using ldapsearch and got the following error:

```
root@mydomain ssl # ldapsearch -D "cn=Manager,dc=mydomain,dc=biz" -W -ZZ
ldap_start_tls: Operations error (1)
        additional info: TLS already started
```

I think I have set my LDAP server up correctly for TLS. For example, I changed my /etc/openldap/slapd.conf similar to this:

```
# Include the needed data schemes
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

# Use crypt to hash the passwords
password-hash {crypt}

# Define SSL and TLS properties (optional)
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem

# Further down...
database        ldbm
suffix          "dc=mydomain,dc=biz"
rootdn          "cn=Manager,dc=mydomain,dc=biz"
rootpw          {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
directory       /var/lib/openldap-ldbm
index           objectClass     eq
```

my /etc/openldap/ldap.conf to ....

```
# Add the following...
BASE         dc=mydomain, dc=com
URI          ldaps://auth.mydomain.com:636/
TLS_REQCERT  allow
```

and my  /etc/conf.d/slapd

```
OPTS="-h 'ldaps:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
```

when i try 

```
ldapsearch -D "cn=Manager,dc=mydomain,dc=com" -W
```

it works fine

So is this an LDAP TLS problem? Have I forgotten to set something up for TLS?

Last edited by decrease789 on Mon Mar 28, 2005 3:30 pm; edited 2 times in total

----------

## decrease789

i solved it myself!! 

the problem is related to this 

http://www.openldap.org/faq/data/cache/1063.html

If LDAP is set up to run over SSL, then there is no need to configure it in another program (such as phpldapadmin); all that needs mentioning is ldaps://auth.mydomain.com and the port. Switch tls to false and it will work.

----------
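The conflict resolved in this thread, as an added example that is not part of any poster's message: a small Python linter that reads an ldap.conf and reports when StartTLS is requested on top of an `ldaps://` URI. The function names and the `start_tls` parameter are assumptions made for illustration, and the sample config is constructed from the one posted above.

```python
from urllib.parse import urlparse

# Constructed sample, modelled on the ldap.conf posted in this thread.
SAMPLE_LDAP_CONF = """\
BASE         dc=mydomain, dc=com
URI          ldaps://auth.mydomain.com:636/
TLS_REQCERT  allow
"""


def parse_ldap_conf(text):
    """Return {OPTION: value} from ldap.conf text, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def lint_client(conf_text, start_tls):
    """List (level, subject, message) findings for a client configuration.

    start_tls (assumed parameter): True when the client also asks for StartTLS,
    e.g. ldapsearch -Z/-ZZ or a "use TLS" switch in a front end.
    """
    opts = parse_ldap_conf(conf_text)
    findings = []
    for uri in opts.get("URI", "").split():
        scheme = urlparse(uri).scheme.lower()
        if scheme == "ldaps" and start_tls:
            findings.append(("error", uri,
                             "ldaps:// is TLS from the first byte; StartTLS on top "
                             "fails with 'TLS already started'"))
        elif scheme == "ldap" and not start_tls:
            findings.append(("warn", uri,
                             "ldap:// without StartTLS sends simple-bind "
                             "passwords unencrypted"))
    reqcert = opts.get("TLS_REQCERT", "").lower()
    if reqcert in ("never", "allow"):
        findings.append(("warn", "TLS_REQCERT",
                         f"'{reqcert}' does not reject an invalid server certificate"))
    return findings


if __name__ == "__main__":
    for level, subject, message in lint_client(SAMPLE_LDAP_CONF, start_tls=True):
        print(f"{level:5} {subject}: {message}")
```
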

## DrHogie

I could kiss you right now.

Thanks to this hint, I finally have phpldapadmin working :)

Now if I can just figure out what the hell to do with LDAP . . . . .

----------

