[Date Prev][Date Next]
Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?
Howard Chu <firstname.lastname@example.org> writes:
> Ben Wailea, openldap-software wrote:
>> msgs crossed in the mail, but seems to be the case.
>> again, any issues/problems running openldap as ldap:root, or root:root?
>> or is it 'better' to just make copies of the certs, chown the copies to
>> ldap:ldap, and live with multiple instances?
> Personally I would put ldap and apache into a group and make the key
> readable to that specific group.
Debian, for example, handles cert management by creating an ssl-cert group
and making private keys of certs in /etc/ssl/certs readable by that group
by default, so you can then add the system users for any software that
needs to read private SSL keys to the ssl-cert group.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>