
Re: TLS error on startup



> From: Quanah Gibson-Mount <quanah@zimbra.com>
> To: Brian Empson <brian_empson@yahoo.com>; openldap-technical@openldap.org
>>  I'm having an issue starting up slapd with TLS enabled. I tried to search
>>  for the error code but I couldn't find any GnuTLS error codes that match.
>>  Here are the log entries that appear:
>> 
>>  Sep 25 21:07:05 dir0 slapd[15018]: main: TLS init def ctx failed: -1
> 
> 95% of the time, this means slapd can't access the files you have 
> specified.  This could be blocked by things like AppArmor in addition to 
> file/directory permissions.  At a guess, your permissions on /etc/openldap/ssl 
> are wrong, as it is missing "x".
> 
> I would suggest you try reading the various files "as" the _openldap 
> user using sudo.

In your first mail I can see that you have:
[09/25/12  9:16PM][root@dir0 /etc/openldap]# ls -lah ssl
total 12
drw-------  2 _openldap  _openldap   512B Sep 25 19:59 .

I don't see the x permission; that could mean that the _openldap user cannot enter the directory.
Moreover, the permissions for other files (rwxrwxrwx or rw-r--r--) could be improved.
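
The checks discussed in this message (search bit on the directory, read access for the service user, overly open modes) can be scripted as below. This is an added example, not part of the original thread; the function names and the server.key file name are made up for illustration, and only owner and "other" bits are evaluated.

```sh
#!/bin/sh
# Added example: checks are made on `ls -ld` mode strings only.
# Simplifications: group bits, ACLs and AppArmor/SELinux policy are not evaluated.

# perm_char MODE OWNER USER N: print USER's r (N=1), w (N=2) or x (N=3) character.
perm_char() {
    if [ "$2" = "$3" ]; then pos=$((1 + $4)); else pos=$((7 + $4)); fi
    printf '%s' "$1" | cut -c"$pos"
}

# check_entry MODE OWNER USER PATH: print findings; return 1 if there are any.
check_entry() {
    mode=$1 owner=$2 user=$3 path=$4 rc=0
    case $mode in l*) return 0 ;; esac   # a symlink's own mode bits are not checked
    case $mode in
    d*) # A directory needs the search (x) bit before anything inside it can be opened.
        case $(perm_char "$mode" "$owner" "$user" 3) in
        x|s|t) ;;
        *) echo "NOSEARCH $path ($mode): $user cannot enter this directory"; rc=1 ;;
        esac ;;
    *)  [ "$(perm_char "$mode" "$owner" "$user" 1)" = r ] ||
            { echo "NOREAD $path ($mode): $user cannot read this file"; rc=1; } ;;
    esac
    # Writable by "other" (and not a sticky directory): any local account can swap the file.
    case $mode in
    ????????w[!tT]*) echo "WORLDWRITE $path ($mode): writable by every local user"; rc=1 ;;
    esac
    return $rc
}

# audit_path USER FILE: check FILE (absolute path) and each parent directory up to /.
audit_path() {
    user=$1 p=$2 bad=0
    while :; do
        if info=$(ls -ld "$p" 2>/dev/null); then
            check_entry "${info%% *}" "$(printf '%s\n' "$info" | awk '{print $3}')" \
                "$user" "$p" || bad=1
        else
            echo "NOSTAT $p: missing, or a parent directory blocks this shell too"; bad=1
        fi
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return $bad
}

# Constructed usage: audit_path _openldap /etc/openldap/ssl/server.key
```

A clean result here does not rule out AppArmor or group-based denial, so reading the files as the _openldap user with sudo remains the definitive test.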