adduser openldap ssl-cert chgrp ssl-cert /etc/letsencrypt/archive/ /etc/letsencrypt/live/ chmod g+rx /etc/letsencrypt/archive/ /etc/letsencrypt/live/ find /etc/letsencrypt/archive/ -name privkey*.pem -exec chown root:ssl-cert \{\} \; -exec chmod g+r \{\} \; service slapd stop ; service slapd start # Pour application de l'ajout du groupe
find
est a lancer après chaque renouvellement du certificat.
dn: cn=config changetype: modify add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/letsencrypt/live/CERT/chain.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/letsencrypt/live/CERT/cert.pem - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/letsencrypt/live/CERT/privkey.pem -
ldapmodify -h 127.0.0.1 -D cn=admin,cn=config -W -f /tmp/ssl.ldif # OR : ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ssl.ldif
/etc/default/slapd
et ajouter ldaps:///
à la variable SLAPD_SERVICES
.