[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?

Ben Wailea, openldap-software wrote:
On Fri, Aug 15, 2008 at 3:50 PM, Howard Chu<hyc@symas.com> wrote:
Most likely a file permissions error; he said he's using the same cert/key
file as for his Apache server, but most likely the key file is not readable
by the ldap user.

msgs crossed in the mail, but seems to be the case.

again, any issues/problems running openldap as ldap:root, or root:root?

or is it 'better' to just make copies of the certs, chown the copies
to ldap:ldap, and live with multiple instances?

Personally I would put ldap and apache into a group and make the key readable to that specific group.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/