[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd stopped after i cofigured TLS in slapd.conf

Manila Chhotray wrote:

I want to configure TLS on OpenLDAp for which I creaed server certificate , signed it with CA Certificate and then configured slap.conf with the TLS options.The errors I got are .....
TLS: could not load verify locations (file:`C:openldapvaropenldap-datacacert.pem
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:104
TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:107 TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:274 main: TLS init def ctx failed: -1
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
I hav e configured my slapd.conf as
ucdata-path C:/openldap/ucdata
include C:/openldap/etc/schema/core.schema
include C:/openldap/etc/schema/misc.schema
pidfile C:/openldap/var/slapd.pid
argsfile C:/openldap/var/slapd.args
TLSCACertificateFile C:\openldap\var\openldap-data\cacert.pem
TLSCertificateFile C:\openldap\var\openldap-data\SSL_ServerCert.pem
TLSCertificateKeyFile C:\openldap\var\openldap-data\ServerKey.pem
TLSVerifyClient never
database bdb
suffix "dc=SecretWriters,dc=com"
rootdn "cn=SecretWriters,dc=SecretWriters,dc=com"
The server certificate's common name is also SecretWriters.com
The libssl.dll is also available at home diretory of the openldap.This is a window version of openldap server.
Please help .
Manila Chhotray

I have never considered building and using slapd with windows (I infer you're doing so from your path names, although you don't specify software version, OS, OS version and other useful info when addressing problems), but the error message realy looks straightforward: the file name slapd is trying to open doesn't look like what you might expect. Apparently, slapd interprets the '\' you use to separate TLS related paths as an escape char, as intended. I don't understand why you use the '/' for included paths and the '\' for TLS related files. Please check.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497