[Date Prev][Date Next]
Re: still segmentation faults with SSL
>> Do you have 'localhost' anywhere in your configuration files?
> ahm, well I do - why, is that bad??
It is. When I saw the "address family not supported" I was reminded of
previous notes involving configuration files with directives containing
"localhost" and not the FQDN or IP address. From the location of your
segfault, I wouldn't expect a "localhost" entry, in say ldap.conf, to be
the root of your problem though. Keep this in mind for the future.
>> Is the slapd daemon really owned by ldap/root (user/group)? I don't
>> to run slapd with -u/-g.
> No, the slapd executable is not owned by user ldap, but by user root. I
> just thought it is good security practice to not have all services run
> by root.
Sure, it's a great practice, but user ldap has to exist and needs
permission to execute the server, read databases, ,certificates, keytabs,
etc. I think this is your main problem.
>> The "address family not supported by protocol" error for both ldap://
>> ldaps:// means that it isn't only a TLS/SSL issue. I haven't run into
>> one (yet), so hopefully someone who has can help you out with it.
> That's what I hope too ;-)
>> I would try to start out with a barebones server (no SSL/TLS, etc) and
>> from there. If you are already doing this ... I'll light a candle for
> Thank you very much. I really appreciate your help. I will start from the
> beginning again.
You're welcome, good luck!
"You don't stop playing because you grow old ...
you grow old because you stop playing."
Linux Technology Center, Linux Security