
Re: problem running TLS with ldap 2.2.17



> Quanah Gibson-Mount <quanah@stanford.edu> 12/20/04 06:31am 
>
>--On Sunday, December 19, 2004 5:11 PM +0100 Guillaume Rousse 
><rousse@ccr.jussieu.fr> wrote:
>
>> Without TLS, slapd works OK. But when activating it, slapd refuses to
>> start:
>> Dec 15 23:36:58 ryu slapd2.2[22683]: bdb_db_init: Initializing bdb database
>> Dec 15 23:36:58 ryu slapd2.2[22683]: main: TLS init def ctx failed: -1
>> Dec 15 23:36:58 ryu slapd2.2[22683]: slapd stopped.
>> Dec 15 23:36:58 ryu slapd2.2[22683]: connections_destroy: nothing to destroy.
>>
>> Here is my TLS configuration:
>> # TLS configuration
>> TLSCertificateFile      /etc/ssl/crt/ldap.pem
>> TLSCertificateKeyFile   /etc/ssl/key/ldap.pem
>> TLSCACertificateFile    /etc/ssl/crt/ca.pem
>>
>> This happens on mdk 10.1, with openldap 2.2.17. The same configuration,
>> with the same certificates, works fine on Debian with openldap 2.1.29.
>>
>> Any idea?
>
>Start slapd with -d -1 and get a better error message?
>
>--Quanah
>

Do the Debian (which works) and Mandrake (which does not work) systems
have the same FQDN? The certificate's CN part of the DN must match the
host name of the machine that starts OpenLDAP (see Admin Guide 11.1.1,
first sentence). IIRC, slapd will refuse to start if this is not the
case.

Mike.
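
The points raised in this thread (files readable by slapd, key belonging to the certificate, certificate verifying against the CA file, CN compared with the host name) can be checked outside slapd. The script below is an added example, not part of the original messages or of OpenLDAP; its function names are hypothetical and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not OpenLDAP's.
# Run as the account slapd runs under so the readability test is meaningful.
# Usage with the paths quoted in the thread:
#   sh check.sh /etc/ssl/crt/ldap.pem /etc/ssl/key/ldap.pem /etc/ssl/crt/ca.pem

# Print the subject CN of a PEM certificate (assumes a single CN).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Case-insensitive comparison of a certificate CN with a host name.
cn_matches_host() {
    a=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when the private key and the certificate carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_slapd_tls CERT KEY CA [HOST]; HOST defaults to this machine's FQDN.
check_slapd_tls() {
    cert=$1; key=$2; ca=$3; want=${4:-$(hostname -f)}; rc=0
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: $f is not readable by $(id -un)"; rc=1; }
    done
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: key does not belong to certificate"; rc=1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against $ca"; rc=1; }
    cn=$(cert_cn "$cert")
    cn_matches_host "$cn" "$want" ||
        { echo "FAIL: certificate CN '$cn' differs from host '$want'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate, key and CA are consistent for $want"
    return "$rc"
}

if [ "$#" -ge 3 ]; then check_slapd_tls "$@"; fi
```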