Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
On Fri, Aug 15, 2008 at 4:47 PM, Howard Chu <hyc@symas.com> wrote:
> Personally I would put ldap and apache into a group and make the key
> readable to that specific group.
easy & works like a champ. thanks!
for others' ref:
cat /etc/apache2/uid.conf
User wwwrun
Group www
egrep "OPENLDAP_USER=|OPENLDAP_GROUP=" /etc/sysconfig/openldap
OPENLDAP_USER="ldap"
OPENLDAP_GROUP="ldap"
groupadd wwwssl
grep wwwssl /etc/group
# -a appends wwwssl; a bare -G would replace the user's other supplementary groups
usermod -a -G wwwssl ldap
usermod -a -G wwwssl wwwrun
mkdir -p /usr/local/etc/ssl
cd /usr/local/etc/ssl
mkdir ssl.crt
mkdir ssl.key
cp {.../ca.crt,.../svr.crt} ssl.crt/
cp .../svr.key ssl.key/
chown -R root:wwwssl /usr/local/etc/ssl
chmod 755 ssl.crt
chmod 750 ssl.key
chmod 644 ssl.crt/ca.crt
chmod 644 ssl.crt/svr.crt
chmod 640 ssl.key/svr.key
point the apache2 & openldap confs at these files.
service apache2 start
Starting httpd2 (prefork) done
service ldap start
Starting ldap-server done
ps ax | egrep "http|ldap"
8359 ? S<s 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
8603 ? S<sl 0:00 /usr/lib/openldap/slapd -h ldap:// -f /etc/openldap/slapd.conf -u ldap -g ldap -4 -o slp=on
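An added check, not from this thread, that audits the shared-group layout above the way a post-install or cron script would: the key must be owned by the expected user, group-owned by the shared group, mode 0640 or stricter, and every daemon account must actually be a member of that group (the `usermod -G` without `-a` pitfall is the usual way this silently breaks). It assumes GNU stat(1) and id(1); paths, owner, group and user names are arguments so nothing is hard-coded.

```shell
#!/bin/sh
# Added example (not from the original post). Requires GNU coreutils stat/id.

# check_key_perms KEYFILE OWNER GROUP USER...
# Exit 0 when KEYFILE is owned by OWNER, group-owned by GROUP, has no world
# bits and no group write bit (0640, 0600, 0440 or 0400), and every USER is in
# GROUP. Each failing condition prints one line, so the output is log-friendly.
check_key_perms() {
    key=$1; want_owner=$2; want_group=$3; shift 3
    rc=0
    [ -f "$key" ] || { echo "missing: $key"; return 1; }
    mode=$(stat -c '%a' "$key")
    owner=$(stat -c '%U' "$key")
    group=$(stat -c '%G' "$key")
    case "$mode" in
        640|600|440|400) ;;
        *) echo "$key: mode $mode, expected 640 or stricter"; rc=1 ;;
    esac
    [ "$owner" = "$want_owner" ] ||
        { echo "$key: owner $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "$key: group $group, expected $want_group"; rc=1; }
    # id -nG lists primary and supplementary groups; match whole names only
    for u in "$@"; do
        if ! id -nG "$u" 2>/dev/null | tr ' ' '\n' | grep -qx "$want_group"; then
            echo "$u is not a member of $want_group"; rc=1
        fi
    done
    return $rc
}

# Usage with the values from the post above:
#   check_key_perms /usr/local/etc/ssl/ssl.key/svr.key root wwwssl ldap wwwrun
```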