Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?

On Fri, Aug 15, 2008 at 4:47 PM, Howard Chu <hyc@symas.com> wrote:
> Personally I would put ldap and apache into a group and make the key
> readable to that specific group.

easy & works like a champ.  thanks!

for others' ref:

cat /etc/apache2/uid.conf
	User  wwwrun
	Group www
egrep "OPENLDAP_USER=|OPENLDAP_GROUP=" /etc/sysconfig/openldap

groupadd wwwssl
grep wwwssl /etc/group
usermod -G wwwssl ldap
usermod -G wwwssl wwwrun

mkdir -p /usr/local/etc/ssl
cd       /usr/local/etc/ssl
mkdir    ssl.crt
mkdir    ssl.key

cp {.../ca.crt,.../svr.crt} ssl.crt/
cp  .../svr.key             ssl.key/

chown -R root:wwwssl /usr/local/etc/ssl
chmod 755 ssl.crt
chmod 750 ssl.key

chmod 644 ssl.crt/ca.crt
chmod 644 ssl.crt/svr.crt
chmod 640 ssl.key/svr.key

point apache2 & openldap confs at these files.

service apache2 start
	Starting httpd2 (prefork)                                             done

service ldap start
	Starting ldap-server                                                  done

ps ax | egrep "http|ldap"
 8359 ?        S<s    0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
 8603 ?        S<sl   0:00 /usr/lib/openldap/slapd -h ldap://   -f /etc/openldap/slapd.conf -u ldap -g ldap -4 -o slp=on
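A small check script for the layout above, added here as an example and not part of the original post: it confirms the shared key is root-owned, group-owned by the shared group, not world-readable, and that each service user really is in that group. It assumes GNU stat (the -c format option); the key path, group name and user names are parameters.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a TLS private key shared
# between slapd and httpd has the layout described in the thread (owner root,
# group = shared group such as wwwssl, mode 640, nothing for "other") and that
# each service user is actually a member of that group. Assumes GNU stat -c.

# key_perms_ok FILE OWNER GROUP -> 0 if FILE is owned by OWNER:GROUP and its mode
# gives the group at most read access and "other" nothing (e.g. 640, 600, 440).
key_perms_ok() {
    f=$1 want_owner=$2 want_group=$3
    [ -f "$f" ] || { echo "missing key file: $f" >&2; return 1; }
    set -- $(stat -c '%U %G %a' "$f")        # -> owner group octal-mode
    [ "$1" = "$want_owner" ] || { echo "$f: owner $1, want $want_owner" >&2; return 1; }
    [ "$2" = "$want_group" ] || { echo "$f: group $2, want $want_group" >&2; return 1; }
    case $3 in
        [0-7][04]0) ;;                       # group r-- or ---, other ---
        *) echo "$f: mode $3 too permissive (want 640 or 600)" >&2; return 1 ;;
    esac
    return 0
}

# user_in_group USER GROUP -> 0 if USER's group list (id -nG) includes GROUP.
# usermod -G replaces the supplementary group list unless an append flag is
# used, so confirming membership after the fact is worthwhile.
user_in_group() {
    for g in $(id -nG "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    echo "user $1 is not in group $2" >&2
    return 1
}

# check_shared_key KEY GROUP USER... -> 0 only if every check above passes.
check_shared_key() {
    key=$1 group=$2; shift 2
    rc=0
    key_perms_ok "$key" root "$group" || rc=1
    for u in "$@"; do user_in_group "$u" "$group" || rc=1; done
    return $rc
}

# Usage: sh check_shared_key.sh /usr/local/etc/ssl/ssl.key/svr.key wwwssl ldap wwwrun
if [ $# -ge 3 ]; then check_shared_key "$@"; fi
```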