Re: Unable to start slapd using SSL/TLS
Greg Martin wrote:
> My startup command uses -u ldap -g ldap and I have /etc/cert world
> readable with the following perms:
> drwxr-xr-x 2 root root 144 2005-11-15 00:17 cert/
> -rwxr-xr-x 1 root root 951 2005-10-13 21:16 /etc/cert/cacert.pem
> -rwxr-xr-x 1 root root 3725 2005-10-13 21:19 /etc/cert/servercrt.pem
> -rwxr-xr-x 1 root root 1620 2005-10-13 21:18 /etc/cert/serverkey.pem

I can't speak to your problem, but I would recommend you not leave the
serverkey.pem file world readable. The private key should be read
accessible to the user who runs slapd (i.e. ldap).

> I also have openssl.cnf available & readable
> -rwxr-xr-x 1 root root 9446 2006-02-25 17:16 openssl.cnf

I don't believe this is relevant to OpenLDAP at all.
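
The advice above about serverkey.pem, as an added shell example that is not part of the original message: one function reports any world permission bits on a key file, the other tightens it to mode 0640 with an optional group change. The function names are hypothetical, and using group ldap with mode 0640 is an assumption based on the -g ldap in the quoted startup command.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten a TLS private key file.
# Usage after sourcing this file:
#   check_key_perms /etc/cert/serverkey.pem
#   fix_key_perms   /etc/cert/serverkey.pem ldap    # run as root

# Report every permission bit granted to "other"; return 0 only if none is set.
check_key_perms() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "ERROR: $key is not a regular file" >&2
        return 2
    fi
    rc=0
    for spec in 004:read 002:write 001:execute; do
        bit=${spec%%:*}
        what=${spec#*:}
        # POSIX find: -perm -MODE matches when all bits in MODE are set.
        if [ -n "$(find "$key" -prune -perm -"$bit")" ]; then
            echo "FAIL: $key grants world $what"
            rc=1
        fi
    done
    ls -l "$key"    # show owner and group so the reader can confirm who may read it
    return "$rc"
}

# Restrict the key to owner read/write and group read (0640).
# $2 is optional: the group slapd runs as (assumed "ldap" here); chgrp needs root.
fix_key_perms() {
    key=$1
    group=$2
    if [ -n "$group" ]; then
        chgrp "$group" "$key" || return 1
    fi
    chmod 0640 "$key"
}
```

With the key owned by root, group ldap and mode 0640, a slapd started with -g ldap can still read it while other local users cannot.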