[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unable to start slapd using SSL/TLS

Greg Martin wrote:
My startup command uses -u ldap -g ldap and I have /etc/cert world
readable with the following perms:

drwxr-xr-x    2 root    root       144 2005-11-15 00:17 cert/
-rwxr-xr-x  1 root root  951 2005-10-13 21:16 /etc/cert/cacert.pem
-rwxr-xr-x  1 root root 3725 2005-10-13 21:19 /etc/cert/servercrt.pem
-rwxr-xr-x  1 root root 1620 2005-10-13 21:18 /etc/cert/serverkey.pem

I can't speak to your problem, but I would recommend you not leave the serverkey.pem file world readable. The private key should be read accessible to the user who runs slapd (ie. ldap).

I also have openssl.cnf available & readable
-rwxr-xr-x  1 root root 9446 2006-02-25 17:16 openssl.cnf

I don't believe this is relevant to OpenLDAP at all.

Jon Roberts