
TLS authentication broken in Ubuntu 12.04



I installed an LDAP server using the instructions at https://help.ubuntu.com/12.04/serverguide/openldap-server.html and added TLS authentication using:

---
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldapcert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldapkey.pem
---


After adding this config the server won't start. I checked my certificates and it seems they have correct ownership/permissions and are also correctly signed:

---
ls -ali /etc/ldap/ssl/

3279904 drwxr-xr-x 2 openldap openldap 4096 Feb  9 23:19 .
3276955 drwxr-xr-x 7 root     root     4096 Feb  9 22:48 ..
3278016 -rw-r--r-- 1 openldap openldap 1159 Feb  9 23:18 cacert.pem
3278017 -rw-r--r-- 1 openldap openldap 1046 Feb  9 23:19 ldapcert.pem
3278018 -rw-r----- 1 openldap ssl-cert  887 Feb  9 23:19 ldapkey.pem
---


I used the debug mode:
---
slapd -d 2
52f80527 @(#) $OpenLDAP: slapd  (Sep 19 2013 22:39:38) $
buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied
52f80527 main: TLS init def ctx failed: -1
52f80527 slapd stopped.
52f80527 connections_destroy: nothing to destroy.
---

Does anyone know why TLS ctx fails to initialize?


Thanks in advance for your answer
Ali
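A pre-flight check for the three paths named in the LDIF above, written here as an added example that is not part of the original post: it judges readability from the mode bits for the slapd service account rather than by reading as root (which succeeds regardless and hides the problem), also looks at the p11-kit directory from the debug output, and verifies the chain and key/certificate match with openssl. It assumes GNU stat(1) and Ubuntu's "openldap" service account; the function names and the P11_MODULES_DIR variable are hypothetical.

```shell
#!/bin/sh
# Added pre-flight check for olcTLSCACertificateFile / olcTLSCertificateFile /
# olcTLSCertificateKeyFile (example code, not from the post). Readability is judged
# from the mode bits for the service account, not by reading as the caller, because
# the caller is usually root. Assumptions: GNU stat(1); slapd runs as "openldap";
# the p11-kit directory seen in the debug output is taken from P11_MODULES_DIR.
P11_MODULES_DIR=${P11_MODULES_DIR:-/etc/pkcs11/modules}

# readable_by USER PATH: succeed if USER can read PATH by its owner/group/other bits.
readable_by() {
    _user=$1 _path=$2
    [ -e "$_path" ] || return 1
    set -- $(stat -c '%U %G %a' "$_path")            # owner group octal-mode
    _mode=$(printf '%04d' "$3"); _mode=${_mode#?}     # drop the setuid/setgid/sticky digit
    if [ "$1" = "$_user" ]; then                      # owner class applies exclusively
        _bits=${_mode%??}
    elif case " $(id -Gn "$_user" 2>/dev/null) " in *" $2 "*) true;; *) false;; esac; then
        _bits=${_mode#?}; _bits=${_bits%?}
    else
        _bits=${_mode#??}
    fi
    [ $(( _bits & 4 )) -ne 0 ]                        # 4 = read bit of that class
}

# check_tls_perms CA CERT KEY [USER]: report every path the service account cannot
# read (plus the p11-kit module directory probed at TLS init); return the count.
check_tls_perms() {
    _svc=${4:-openldap} _bad=0
    for _f in "$1" "$2" "$3"; do
        readable_by "$_svc" "$_f" || { echo "missing or not readable by $_svc: $_f"; _bad=$((_bad+1)); }
    done
    if [ -d "$P11_MODULES_DIR" ] && ! readable_by "$_svc" "$P11_MODULES_DIR"; then
        echo "p11-kit directory not listable by $_svc: $P11_MODULES_DIR"; _bad=$((_bad+1))
    fi
    return "$_bad"
}

# check_tls_chain CA CERT KEY: confirm CERT chains to CA and KEY matches CERT; return count.
check_tls_chain() {
    _bad=0
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 \
        || { echo "certificate does not verify against CA: $2"; _bad=$((_bad+1)); }
    [ "$(openssl x509 -noout -pubkey -in "$2" 2>/dev/null)" = "$(openssl pkey -pubout -in "$3" 2>/dev/null)" ] \
        || { echo "private key does not match certificate: $3"; _bad=$((_bad+1)); }
    return "$_bad"
}

if [ "$#" -ge 3 ]; then   # e.g. sh check.sh /etc/ldap/ssl/cacert.pem /etc/ldap/ssl/ldapcert.pem /etc/ldap/ssl/ldapkey.pem
    check_tls_perms "$@"; check_tls_chain "$1" "$2" "$3"
fi
```

Run it as root with the same three paths slapd was given; a non-zero exit from check_tls_perms means the daemon, not you, cannot read the file.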