Re: problem enabling ssl on openldap 2.2.13
On Wed, 5 Jan 2011 13:07:48 +0000
rui <guideveloper@gmail.com> wrote:
> Hi,
>
> The "is not readable by "ldap"" error happens when I start ldap using
> /etc/rc.d/init.d/ldap restart
> These three lines are the source of the problem, if I remove them
> then no warning message on restart.
>
> TLSCACertificateFile server.pem
> TLSCertificateFile server.pem
> TLSCertificateKeyFile server.pem
>
> I have moved this file to /etc/openldap/cacerts and changed the above
> three paths accordingly.
> I have also modified ldap.conf to have TLS_CACERT which allows me to
> do ldapsearch (before it was giving ssl verify problem) now with
> ldaps://localhost on the same system.
>
>
> I still get this when I restart the ldap server using
> /etc/rc.d/init.d/ldap restart, notice the er.pem after ldap - is it
> not picking up the path correctly or is it a harmless warning? Now that
> ldaps is working I think it is harmless.
It seems to be a typo, and check permissions of the certificates.
>
> is not readable by "ldap"er.pem [WARNING]
> is not readable by "ldap"er.pem
> [WARNING] is not readable by "ldap"er.pem
> [WARNING] Checking configuration files for slapd:
> [ OK ] Starting slapd:
> [ OK ]
[...]
In order to check TLS connectivity run
openssl s_client -connect host:636 -CAfile /path/to/ca \
-showcerts
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
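
An added example, not part of the original message or of OpenLDAP: a shell function (hypothetical name `check_tls_paths`) that walks the three TLS directives quoted above and reports whether each path can be read by the account running the script. Flagging relative paths and trailing carriage returns is this example's own choice; that a carriage return explains the overwritten `er.pem` warning text is an assumption the thread does not confirm.

```shell
# check_tls_paths CONF: audit the TLS*File directives of a slapd.conf.
# Added example; the function name is hypothetical. Run it as the account
# slapd runs under ("ldap" in the thread), e.g. via sudo -u ldap.
# Prints one finding per directive; returns 1 if any problem was found.
check_tls_paths() {
    conf=$1
    cr=$(printf '\r')
    rc=0
    # "|| [ -n "$key" ]" keeps a final line that lacks a newline.
    while read -r key value || [ -n "$key" ]; do
        case $key in
            TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile) ;;
            *) continue ;;
        esac
        # Assumption: a CRLF line ending leaves "\r" glued to the path.
        case $value in
            *"$cr")
                echo "$key: trailing carriage return in path"
                value=${value%"$cr"}
                rc=1 ;;
        esac
        case $value in
            /*) ;;
            *) echo "$key: '$value' is a relative path"; rc=1; continue ;;
        esac
        if [ ! -e "$value" ]; then
            echo "$key: '$value' does not exist"; rc=1
        elif [ ! -r "$value" ]; then
            echo "$key: '$value' is not readable by $(id -un)"; rc=1
        else
            echo "$key: '$value' ok"
        fi
    done < "$conf"
    return "$rc"
}

# Stand-alone use: sh check_tls.sh /path/to/slapd.conf
if [ "$#" -gt 0 ]; then check_tls_paths "$1"; fi
```

When run as root the readability test always passes, so run it as the slapd account to get a meaningful answer.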