[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problem with SSL/TLS

--On Monday, April 12, 2010 6:13 PM -0400 Lynn York <lynn.york@mavenwire.com> wrote:

Here is my /etc/openldap/ldap.conf:

uri ldaps://localhost
base cn=users,dc=testing,dc=com
tls_cacert /etc/openldap/cacerts/ca.key
tls_cacertdir /etc/openldap/cacerts
tls_reqcert allow

You specify *one* of the two options (Either TLS_CACERT or TLS_CACERTDIR). Not both. If you are specifying the file, then it needs to be the cert, not the key.

TLS: could not load verify locations

However, the certs and key's to exist..

ls -al /etc/openldap/cacerts/
total 44
drwxr-xr-x 3 ldap ldap 4096 Apr 12 13:48 .
drwxr-xr-x 4 ldap ldap 4096 Apr 12 18:09 ..
drwxr-xr-x 2 ldap ldap 4096 Apr 12 13:45 backup
-rw-r--r-- 1 ldap ldap 1805 Apr 12 13:46 ca.cert
-rw-r--r-- 1 ldap ldap 1679 Apr 12 13:46 ca.key

What about the permissions on /etc/openldap and /etc/openldap/cacerts?

I.e., if you su - ldap, can you actually read /etc/openldap/cacerts/ca.cert?



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration