Re: TLS error on startup
- To: Brian Empson <brian_empson@yahoo.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: Re: TLS error on startup
- From: Mik J <mikydevel@yahoo.fr>
- Date: Wed, 26 Sep 2012 08:37:41 +0100 (BST)
- In-reply-to: <1739C1D9C05CE2392B59F488@[192.168.1.43]>
- References: <1348622425.55406.YahooMailNeo@web120204.mail.ne1.yahoo.com> <1739C1D9C05CE2392B59F488@[192.168.1.43]>
> From: Quanah Gibson-Mount <quanah@zimbra.com>
> To: Brian Empson <brian_empson@yahoo.com>; openldap-technical@openldap.org
>> I'm having an issue starting up slapd with TLS enabled. I tried to search
>> for the error code but I couldn't find any GnuTLS error codes that match.
>> Here are the log entries that appear:
>>
>> Sep 25 21:07:05 dir0 slapd[15018]: main: TLS init def ctx failed: -1
>
> 95% of the time, this means slapd can't access the files you have
> specified. This could be blocked by things like AppArmor in addition to
> file/directory permissions. At a guess, your permissions on /etc/openldap/ssl
> are wrong, as it is missing "x".
>
> I would suggest you try reading the various files "as" the _openldap
> user using sudo.
In your first mail I can see that you have:
[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah ssl
total 12
drw------- 2 _openldap _openldap 512B Sep 25 19:59 .
I don't see the x permission; that could mean that the _openldap user cannot enter the directory.
Moreover, the permissions for the other files (rwxrwxrwx or rw-r--r--) could be improved.
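The check both replies point at (can the slapd user actually traverse the directory and read the certificate files?) can be done by hand with "sudo -u _openldap cat /etc/openldap/ssl/..." on the server. The script below is an added example, not part of this thread or of OpenLDAP: it walks every path component and evaluates the owner/group/other mode bits for a chosen uid, which gives the same answer no matter who runs it (a live test run as root would succeed regardless, because root bypasses permission checks). The demo() function reconstructs the situation from the original post in a temporary directory: an ssl directory with mode 600 (no x bit even for its owner) holding a constructed placeholder cert file with mode 644. The directory and file names are illustrative; the TLS files themselves are not real certificates.

```python
import os
import stat
import tempfile


def _applicable_bits(st, uid, gids):
    """Select the rwx triple (owner, group or other) that applies to uid/gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7


def check_access(path, uid, gids):
    """Return the reasons a process running as uid (member of gids) could not
    open `path` for reading: any ancestor directory lacking search (x)
    permission, or the final component lacking read (r). Only mode bits are
    consulted, so the verdict does not depend on the user running this script.
    ACLs, AppArmor/SELinux and chroots are outside what this check sees."""
    problems = []
    path = os.path.abspath(path)
    parts = [p for p in path.split(os.sep) if p]
    prefixes = [os.sep] + [os.sep + os.sep.join(parts[:i]) for i in range(1, len(parts) + 1)]
    for prefix in prefixes:
        try:
            st = os.stat(prefix)
        except OSError as exc:
            problems.append(f"{prefix}: {exc.strerror}")
            break
        bits = _applicable_bits(st, uid, gids)
        if stat.S_ISDIR(st.st_mode) and prefix != path:
            # Directories on the way down need the search (x) bit; 'r' alone is useless.
            if not bits & 0o1:
                problems.append(f"{prefix}: no search (x) permission for uid {uid}")
        elif not bits & 0o4:
            problems.append(f"{prefix}: no read (r) permission for uid {uid}")
    return problems


def demo():
    """Recreate the thread's 'drw-------' ssl directory in a temp dir and
    return the findings before and after giving the directory mode 700."""
    uid, gids = os.getuid(), {os.getgid()}
    root = tempfile.mkdtemp()
    ssl_dir = os.path.join(root, "ssl")
    os.mkdir(ssl_dir, 0o700)
    cert = os.path.join(ssl_dir, "dir0.crt")  # constructed placeholder, not real PEM data
    with open(cert, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nconstructed placeholder\n-----END CERTIFICATE-----\n")
    os.chmod(cert, 0o644)
    os.chmod(ssl_dir, 0o600)  # the drw------- seen in the original post: owner has r and w but no x
    before = check_access(cert, uid, gids)
    os.chmod(ssl_dir, 0o700)  # minimal fix: the owning user needs r and x on the directory
    after = check_access(cert, uid, gids)
    return before, after


if __name__ == "__main__":
    broken, fixed = demo()
    print("with mode 600 on ssl/:", broken or "readable")
    print("with mode 700 on ssl/:", fixed or "readable")
```

To check a real server, call check_access("/etc/openldap/ssl/<file>", uid, gids) with the uid and gids of the user slapd runs as (from getent passwd and getent group); every ancestor from / down must carry the x bit for that user, and the key and certificate files themselves need r. Mode 700 on the directory and 600 on the private key (owned by the slapd user) is the usual end state rather than rwxrwxrwx.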