Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
Ben Wailea, openldap-software wrote:
> On Fri, Aug 15, 2008 at 3:50 PM, Howard Chu <firstname.lastname@example.org> wrote:
>> Most likely a file permissions error; he said he's using the same cert/key
>> file as for his Apache server, but most likely the key file is not readable
>> by the ldap user.
>
> msgs crossed in the mail, but seems to be the case.
> again, any issues/problems running openldap as ldap:root, or root:root?
> or is it 'better' to just make copies of the certs, chown the copies
> to ldap:ldap, and live with multiple instances?

Personally I would put ldap and apache into a group and make the key readable
to that specific group.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
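
The shared-group arrangement suggested in the reply above, sketched as an added example that is not part of the original message or of OpenLDAP. The group name `tlskey` and the key path are hypothetical placeholders, and the helper functions assume GNU `stat`.

```shell
#!/bin/sh
# One-time setup as root (shown as comments, not executed here):
#   groupadd tlskey                    # hypothetical group name
#   usermod -a -G tlskey ldap
#   usermod -a -G tlskey apache
#   share_key /path/to/server.key tlskey
#   then restart both daemons so they pick up the new membership

# Hand KEYFILE to GROUP: owner read/write, group read, nothing for others.
share_key() {
    keyfile=$1 group=$2
    chgrp "$group" "$keyfile" || return 1
    chmod 640 "$keyfile" || return 1
}

# Succeed only if the "other" permission digit of KEYFILE is 0.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $((mode % 10)) -eq 0 ]
}

# Print which permission class lets USER read KEYFILE: owner, group,
# other, or none. Uses mode bits only; ACLs, root's override and
# parent-directory permissions are not considered.
key_read_path() {
    user=$1 keyfile=$2
    uid=$(id -u "$user") || return 2
    info=$(stat -c '%a %u %g' "$keyfile") || return 2
    set -- $info
    mode=$1 fuid=$2 fgid=$3
    # The kernel checks exactly one class: owner first, then group, then other.
    if [ "$uid" = "$fuid" ]; then
        class=owner bits=$((mode / 100 % 10))
    elif id -G "$user" | tr ' ' '\n' | grep -qx "$fgid"; then
        class=group bits=$((mode / 10 % 10))
    else
        class=other bits=$((mode % 10))
    fi
    if [ $((bits & 4)) -ne 0 ]; then
        echo "$class"
    else
        echo none
    fi
}
```

After the setup, `key_read_path ldap /path/to/server.key` and `key_read_path apache /path/to/server.key` should both print `group`, and `key_is_private` should succeed.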