Sorry to join just to beg for help. Grace requested...
I have a problem trying to get slapd to start using a certificate. The
error is :
TLS: could not load verify locations
(file:`/etc/cert/cacert.pem',dir:`').
main: TLS init def ctx failed: -1
slapd stopped.
Version info:
$OpenLDAP: slapd 2.3.11 (Oct 22 2005 16:37:10)
I'm running Slackware 10.2with openssl 0.9.8a
My slapd conf has the following line:
TLSCACertificateFile /etc/cert/cacert.pem
TLSCertificateFile /etc/cert/servercrt.pem
TLSCertificateKeyFile /etc/cert/serverkey.pem
Searching the web I found many references to ensuring the correct access
to those files.
My startup command uses -u ldap -g ldap and I have /etc/cert world
readable with the following perms:
drwxr-xr-x 2 root root 144 2005-11-15 00:17 cert/
-rwxr-xr-x 1 root root 951 2005-10-13 21:16 /etc/cert/cacert.pem
-rwxr-xr-x 1 root root 3725 2005-10-13 21:19 /etc/cert/servercrt.pem
-rwxr-xr-x 1 root root 1620 2005-10-13 21:18 /etc/cert/serverkey.pem
I also have openssl.cnf available & readable
-rwxr-xr-x 1 root root 9446 2006-02-25 17:16 openssl.cnf
I'm no Linux expert, but the following strace output see applicable:
open("/etc/cert/cacert.pem", O_RDONLY|O_LARGEFILE) = 7
fstat64(7, {st_mode=S_IFREG|0755, st_size=951, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40460000
read(7, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 951
read(7, "", 4096) = 0
close(7) = 0
munmap(0x40460000, 4096) = 0
write(2, "TLS: could not load verify locat"..., 75TLS: could not load
verify locations (file:`/etc/cert/cacert.pem',dir:`').
) = 75
write(2, "main: TLS init def ctx failed: -"..., 34main: TLS init def ctx
failed: -1
From what I can see the file opened correctly. Any thoughts?
Thanks for the time & neurons.
\\Greg