Re: problem enabling ssl on openldap 2.2.13

On Wed, 5 Jan 2011 13:07:48 +0000,
rui <guideveloper@gmail.com> wrote:

> Hi,
> The "is not readable by "ldap"" error happens when I start ldap using
> /etc/rc.d/init.d/ldap restart
> These three lines are the source of the problem; if I remove them
> there is no warning message on restart.
>   TLSCACertificateFile  server.pem
>   TLSCertificateFile    server.pem
>   TLSCertificateKeyFile server.pem
> I have moved this file to /etc/openldap/cacerts and changed the above
> three paths accordingly.
> I have also modified ldap.conf to have TLS_CACERT, which allows me to
> do ldapsearch (before it was giving an SSL verify problem), now with
> ldaps://localhost on the same system.
> I still get this when I restart the ldap server using
> /etc/rc.d/init.d/ldap restart. Notice the "er.pem" after "ldap" - is it
> not picking up the path correctly, or is it a harmless warning now that
> ldaps is working? I think it is harmless.

It seems to be a typo; also check the permissions of the certificates.
>  is not readable by "ldap"er.pem                      [WARNING]
>  is not readable by "ldap"er.pem
> [WARNING] is not readable by "ldap"er.pem
>     [WARNING] Checking configuration files for slapd:
>    [  OK  ] Starting slapd:
>  [  OK  ]


To check TLS connectivity, run
openssl s_client -connect host:636 -CAfile /path/to/ca
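As an added example (not from this thread or from the OpenLDAP project), the script below performs the permission check the reply recommends for the three directives quoted above, and also checks that each file actually contains the PEM block its directive needs. It decides readability the way the kernel does for classic mode bits (search permission on every parent directory, read permission on the file, evaluated as the slapd service user), so a failing file comes with a reason instead of a bare "is not readable by ldap". It adds one caveat the poster's setup needs: when a single server.pem holds the CA certificate, the server certificate and the private key, that one file must be readable by the slapd user but must not be world-readable, otherwise fixing the warning exposes the key. Function names, the placeholder PEM bodies and the temporary directory are this example's own assumptions; it models mode bits only (no ACLs, SELinux or root's override) and does not replace the network-level `openssl s_client` check.

```python
"""Check the three slapd TLS directives for readability by the service user and for
suitable PEM content. Pure standard library; classic mode bits only."""
import os
import re
import stat
import tempfile

# One PEM block: "-----BEGIN X-----" ... "-----END X-----" with matching labels.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", re.S)

# (owner, group, other) bit triples for the two permissions a read needs.
READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)

# What each slapd directive must find inside its file.
EXPECTED = {
    "TLSCACertificateFile": lambda t: t == "CERTIFICATE",
    "TLSCertificateFile": lambda t: t == "CERTIFICATE",
    "TLSCertificateKeyFile": lambda t: t.endswith("PRIVATE KEY"),
}


def _permits(st, uid, gids, bits):
    """Apply the owner / group / other decision to one stat result."""
    if st.st_uid == uid:
        return bool(st.st_mode & bits[0])
    if st.st_gid in gids:
        return bool(st.st_mode & bits[1])
    return bool(st.st_mode & bits[2])


def readable_by(path, uid, gids):
    """True if a process running as uid with groups gids could open path for reading:
    every ancestor directory needs search (x), the file itself needs read (r)."""
    path = os.path.abspath(path)
    d = os.path.dirname(path)
    while True:
        if not _permits(os.stat(d), uid, gids, SEARCH):
            return False
        parent = os.path.dirname(d)
        if parent == d:  # reached "/"
            break
        d = parent
    return _permits(os.stat(path), uid, gids, READ)


def pem_block_types(path):
    """Labels of the PEM blocks in the file, e.g. ['CERTIFICATE', 'RSA PRIVATE KEY']."""
    with open(path, "r") as fh:
        return [m.group(1) for m in PEM_BLOCK.finditer(fh.read())]


def check_tls_directives(directives, uid, gids):
    """directives: {directive: path} as written in slapd.conf.
    Returns a list of human-readable problems; an empty list means every check passed."""
    problems = []
    for directive, path in directives.items():
        if not os.path.isabs(path):
            problems.append(f"{directive}: '{path}' is relative; use an absolute path in slapd.conf")
        if not os.path.isfile(path):
            problems.append(f"{directive}: '{path}' does not exist")
            continue
        if not readable_by(path, uid, gids):
            problems.append(f"{directive}: '{path}' is not readable by uid {uid}")
        types = pem_block_types(path)
        if not any(EXPECTED[directive](t) for t in types):
            problems.append(f"{directive}: '{path}' has no suitable PEM block (found {types or 'none'})")
        # Making the file world-readable silences the init script warning but leaks the key.
        if directive == "TLSCertificateKeyFile" and os.stat(path).st_mode & stat.S_IROTH:
            problems.append(f"{directive}: '{path}' is world-readable; the key should be readable by the slapd user only")
    return problems


# Constructed sample: placeholder PEM bodies, not real key material. One file carrying
# both a certificate and a private key, as the poster's single server.pem does.
SAMPLE_SERVER_PEM = (
    "-----BEGIN CERTIFICATE-----\nMIIBplaceholdercertificatebody==\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nMIIEplaceholderkeybody==\n-----END RSA PRIVATE KEY-----\n"
)


def demo(mode=0o600):
    """Write the sample into a private (0700) temp dir, point all three directives at it,
    and return the problems seen by the current user and by an unrelated uid/gid."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "server.pem")
    with open(path, "w") as fh:
        fh.write(SAMPLE_SERVER_PEM)
    os.chmod(path, mode)
    directives = {name: path for name in EXPECTED}
    me = (os.getuid(), {os.getgid(), *os.getgroups()})
    other = (os.getuid() + 1, {os.getgid() + 1})  # stands in for the "ldap" user
    return {
        "me": check_tls_directives(directives, *me),
        "other": check_tls_directives(directives, *other),
    }


if __name__ == "__main__":
    for who, problems in demo().items():
        print(who, problems or "ok")
```

Run it against the real paths by calling `check_tls_directives` with the three directives from slapd.conf and the uid and groups of the `ldap` account (from `pwd.getpwnam` and `grp.getgrall`); the "other" half of `demo()` shows why a file inside a 0700 directory is unreadable by the service user even when the file's own mode looks fine.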


