Renew ldap ssl certificate

From snippet wiki

If your certificates come from Let's Encrypt, you can use the following file, named olcSSL.ldif:

dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/letsencrypt/live/ldap.example.com/fullchain.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/letsencrypt/live/ldap.example.com/privkey.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/letsencrypt/live/ldap.example.com/cert.pem

To apply the file, run:

ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSSL.ldif
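
A preflight for the step above, as an added example that is not part of the original wiki page: it reads the paths out of olcSSL.ldif, checks that they are readable and that the private key is not world-readable, confirms the certificate and key belong together, and only then runs the ldapmodify command. The function names and the SLAPD_USER variable are assumptions of this example; set SLAPD_USER to the account slapd runs as to test readability from its point of view.

```shell
#!/bin/sh
# Added example: preflight for olcSSL.ldif. Function names and SLAPD_USER are
# assumptions of this sketch. Folded or base64 (::) LDIF values are not handled.

# Print "attribute path" for each olcTLS*File value line in the LDIF.
ldif_tls_paths() {
    sed -n 's/^\(olcTLS[A-Za-z]*File\): *\(.*\)$/\1 \2/p' "$1"
}

# Run a command as the slapd account when SLAPD_USER is set (e.g. openldap).
as_slapd() {
    if [ -n "${SLAPD_USER:-}" ]; then sudo -u "$SLAPD_USER" "$@"; else "$@"; fi
}

# Succeed only if every referenced file is readable and the key is not
# world-readable. find -L follows the symlinks certbot keeps in live/.
check_tls_files() {
    rc=0; n=0
    while read -r attr path; do
        [ -n "$attr" ] || continue
        n=$((n + 1))
        if ! as_slapd test -r "$path"; then
            echo "unreadable: $attr -> $path" >&2; rc=1
        elif [ "$attr" = olcTLSCertificateKeyFile ] &&
             [ -n "$(find -L "$path" -prune -perm -004)" ]; then
            echo "world-readable key: $path" >&2; rc=1
        fi
    done <<EOF
$(ldif_tls_paths "$1")
EOF
    [ "$n" -gt 0 ] || rc=1   # an LDIF with no TLS paths is also a failure
    return "$rc"
}

# Succeed only if the certificate and private key carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# With an LDIF argument: check, then apply with the page's ldapmodify command.
if [ -n "${1:-}" ]; then
    check_tls_files "$1" || exit 1
    crt=$(ldif_tls_paths "$1" | sed -n 's/^olcTLSCertificateFile //p')
    key=$(ldif_tls_paths "$1" | sed -n 's/^olcTLSCertificateKeyFile //p')
    cert_matches_key "$crt" "$key" || { echo "cert/key mismatch" >&2; exit 1; }
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "$1"
fi
```

Saved under a name of your choice and called with olcSSL.ldif as its only argument, it stops before ldapmodify if any check fails.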