Re: TLS authentication broken in Ubuntu 12.04

[Ali Gholami <gholami@kth.se>]

Thanks Quanah, I could resolve the error but the error message was not 
helpful.

I stopped the apparmor service and used strace to debug. I realized the 
server certificate path was not defined correctly to be loaded.

I think "p11-kit: couldn't list directory: /etc/pkcs11/modules: 
Permission denied " is not really the correct error message. It should 
be something like "certificate not found" etc.

Ali




On 02/10/2014 10:09 PM, Quanah Gibson-Mount wrote:
> --On Sunday, February 09, 2014 11:49 PM +0100 Ali Gholami 
> <gholami@kth.se> wrote:
>
> > I used the debug mode:
> > ---
> > slapd -d 2
> > 52f80527 @(#) $OpenLDAP: slapd  (Sep 19 2013 22:39:38) $
> > buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
> > p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied
> > 52f80527 main: TLS init def ctx failed: -1
> > 52f80527 slapd stopped.
> > 52f80527 connections_destroy: nothing to destroy.
> > ---
> >
> > Does anyone know why TLS ctx fails to initialize?
>
> Because it gets permission denied when trying to access 
> /etc/pkcs11/modules, exactly as it states.
>
> --Quanah
>
>
>
> --
>
> Quanah Gibson-Mount
> Architect - Server
> Zimbra, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration