Re: problem running TLS with ldap 2.2.17

Mike O'Rourke wrote:
Quanah Gibson-Mount <quanah@stanford.edu> 12/20/04 06:31am

--On Sunday, December 19, 2004 5:11 PM +0100 Guillaume Rousse <rousse@ccr.jussieu.fr> wrote:

Without TLS, slapd works OK. But when activating it, slapd refuse


Dec 15 23:36:58 ryu slapd2.2[22683]: bdb_db_init: Initializing bdb
Dec 15 23:36:58 ryu slapd2.2[22683]: main: TLS init def ctx failed:


Dec 15 23:36:58 ryu slapd2.2[22683]: slapd stopped.
Dec 15 23:36:58 ryu slapd2.2[22683]: connections_destroy: nothing



Here is my TLS configuration:
# TLS configuration
TLSCertificateFile      /etc/ssl/crt/ldap.pem
TLSCertificateKeyFile   /etc/ssl/key/ldap.pem
TLSCACertificateFile    /etc/ssl/crt/ca.pem

This happens on mdk 10.1, with openldap 2.2.17. The same


with the same certificates, works fine on Debian with openldap


Any idea?

Start slapd with -d -1 and get a better error message?


Do the Debian (which works) and Mandrake (which does not work) systems
have the same FQDN? The certificate's CN part of the DN must match the
host name of the machine that starts OpenLDAP (see Admin Guide 11.1.1,
first sentence). IIRC, slapd will refuse to start if this is not the

I just tried, but it was not the problem. BTW, slapd starts normally in such a situation, but any kind of ldaps connection fails.
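
The CN-versus-host-name check discussed in this thread can be scripted. The following is an added example, not part of the original messages: it reads `TLSCertificateFile` from a slapd.conf and compares the certificate's CN with the machine's FQDN. The function names are hypothetical, and it assumes `openssl` and `hostname -f` are available on the host.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread): compare the CN of the
# certificate named by TLSCertificateFile with this host's FQDN.

# Print the first value of a slapd.conf directive (keyword matched
# case-insensitively); prints nothing if the directive is absent.
tls_directive() {  # usage: tls_directive CONF_FILE DIRECTIVE
    awk -v want="$2" 'tolower($1) == tolower(want) { print $2; exit }' "$1"
}

# Extract the CN from an "openssl x509 -noout -subject" line. Handles the
# "/C=../CN=host" and "C = .., CN = host" layouts.
cn_from_subject() {  # usage: cn_from_subject SUBJECT_LINE
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Succeed when CN and host name are non-empty and equal, ignoring case.
cn_matches_host() {  # usage: cn_matches_host CN HOSTNAME
    a=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    b=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

check_slapd_cert() {  # usage: check_slapd_cert CONF_FILE
    cert=$(tls_directive "$1" TLSCertificateFile)
    [ -n "$cert" ] || { echo "no TLSCertificateFile in $1" >&2; return 2; }
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    subject=$(openssl x509 -noout -subject -in "$cert") || return 2
    cn=$(cn_from_subject "$subject")
    fqdn=$(hostname -f)
    if cn_matches_host "$cn" "$fqdn"; then
        echo "OK: certificate CN '$cn' matches host name '$fqdn'"
    else
        echo "MISMATCH: certificate CN '$cn', host name '$fqdn'"
        return 1
    fi
}

# Run only when a config path is given: sh check.sh path/to/slapd.conf
if [ "$#" -ge 1 ]; then
    check_slapd_cert "$1"
fi
```

Run it as the account slapd runs under, so that an unreadable certificate file is reported rather than masked by root's access.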

