
Re: OpenLDAP/TLS main: TLS init def ctx failed: -207

On Sun, 25 Jan 2009, Technical Home wrote:
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
olcTLSCertificateFile: /etc/ssl/certs/SERVER.crt
olcTLSCertificateKeyFile: /etc/ssl/private/cakey.pem
[we get]
root@SERVER:~# slapd -h 'ldap:// ldaps://' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d 16383
@(#) $OpenLDAP: slapd 2.4.11 (Oct 24 2008 23:44:05) $
main: TLS init def ctx failed: -207
slapd stopped.
connections_destroy: nothing to destroy.
[which is]
ssl.h, 207 code refers to the macro "#define SSL_F_SSL_VERIFY_CERT_CHAIN"

Are you sure that all of these files are readable as group/user "openldap"?

Make sure that those options really are present/being parsed properly, perhaps by setting debug level "config" and/or looking for open() with strace or similar. Actually, a strace on open() would be the appropriate test for my EPERM theory, too. If they're not, upgrade to the latest available version. There were some back-config fixes in 2.4.13, for example.
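As an added example (not part of the thread above, and not OpenLDAP's own tooling), the permission check behind the EPERM theory can be done from a root shell without running slapd at all: walk every path component the way the kernel's discretionary access check does, for the account slapd was started with (-u openldap). The three paths are the ones quoted from the original report; everything else (function names, the assumption that the account is named openldap) is this script's own. The point a practitioner should not miss is that a key file can be mode 0644 and still be unopenable because a parent directory such as /etc/ssl/private lacks search (x) permission for that account, which is why the script checks the directory chain and not just the file.

```shell
#!/bin/sh
# Added example, not from the original thread: emulate the kernel's
# discretionary access check to see whether a given account can open each
# TLS file slapd was configured with. POSIX sh; needs only ls, id, cut.
# The account name "openldap" is an assumption taken from "slapd -u openldap".

# mode_allows MODESTR COL BIT: 0 if the rwx triple starting at column COL
# of an `ls -l` mode string (2=owner, 5=group, 8=other) grants BIT (r|w|x).
mode_allows() {
    triple=$(printf '%s\n' "$1" | cut -c"$2-$(($2 + 2))")
    case "$3" in
        r) case "$triple" in r??) return 0 ;; esac ;;
        w) case "$triple" in ?w?) return 0 ;; esac ;;
        x) case "$triple" in ??[xst]) return 0 ;; esac ;;   # s/t imply x
    esac
    return 1
}

# path_allows USER PATH BIT: 0 if USER's DAC bits grant BIT on PATH itself.
# As in the kernel, an owner match is decisive: group/other bits are not
# consulted for the owner, and group bits are not consulted for others.
path_allows() {
    user=$1 path=$2 bit=$3
    if [ "$(id -u "$user")" -eq 0 ]; then return 0; fi   # root bypasses DAC
    set -- $(ls -ldL "$path")      # mode links owner group ... (follows symlinks)
    mode=$1 owner=$3 group=$4
    [ -n "$group" ] || return 1
    if [ "$owner" = "$user" ]; then mode_allows "$mode" 2 "$bit"; return; fi
    for g in $(id -Gn "$user"); do
        if [ "$g" = "$group" ]; then mode_allows "$mode" 5 "$bit"; return; fi
    done
    mode_allows "$mode" 8 "$bit"
}

# readable_by USER FILE: 0 if USER can open FILE for reading, i.e. every
# directory from / down to the file is searchable and the file is readable.
readable_by() {
    user=$1 file=$2
    id "$user" >/dev/null 2>&1 || { echo "no such user: $user"; return 1; }
    [ -e "$file" ] || { echo "missing: $file"; return 1; }
    dir=$(cd "$(dirname "$file")" && pwd -P) || return 1
    d=$dir
    while :; do
        path_allows "$user" "$d" x || { echo "$user cannot search $d"; return 1; }
        if [ "$d" = / ]; then break; fi
        d=$(dirname "$d")
    done
    path_allows "$user" "$dir/$(basename "$file")" r ||
        { echo "$user cannot read $file"; return 1; }
    echo "ok: $user can read $file"
}

# check_slapd_tls_files USER FILE...: report on every file, fail if any fails.
check_slapd_tls_files() {
    user=$1; shift
    rc=0
    for f in "$@"; do readable_by "$user" "$f" || rc=1; done
    return $rc
}

# The three paths from the report, checked as the account given to slapd -u:
#   check_slapd_tls_files openldap /etc/ssl/certs/cacert.pem \
#       /etc/ssl/certs/SERVER.crt /etc/ssl/private/cakey.pem
if [ $# -gt 0 ]; then check_slapd_tls_files "$@"; fi
```

Run it as root so that `ls -L` can stat every component. If it reports that openldap cannot search a directory or read a file, that is the EPERM/EACCES slapd would hit on open(), and the fix is the directory or group permission, not the configuration. If it reports all three as fine, the strace suggested above is the direct test of what slapd actually opens, e.g. `strace -f -e trace=open,openat -o slapd.trace slapd -h 'ldap:// ldaps://' -g openldap -u openldap -F /etc/ldap/slapd.d/`, then look in slapd.trace for the three paths; if they are never opened, the olcTLS* attributes are not being parsed, which points at the config rather than at file permissions.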