Re: openldap-technical Digest, Vol 97, Issue 15

[Ryan Tandy <ryan@nardis.ca>]

On Thu, Dec 17, 2015 at 06:02:02PM +0300, Andrei Valoshyn wrote:
> In debug slapd -d -1 output I saw that ldap is trying to load from 
> /etc/ldap/slap.d/ directory although i had put 
> "SLAPD_CONF=/etc/ldap/slapd.conf" to /etc/default/slapd. After I clean 
> up /etc/ldap/slap.d/ directory ldap starting load db and schema, but 
> still can't start with error:
> "
> TLS: could not set cipher list HIGH:+TLSv1:+SSLv2:+SSLv3.
> 56728db6 main: TLS init def ctx failed: -1
> 56728db6 slapd destroy: freeing system resources.
> 56728db6 syncinfo_free: rid=115
> 56728db6 slapd stopped.
> 56728db6 connections_destroy: nothing to destroy.
> "
> When I try "openssl ciphers -v HIGH:+TLSv1:+SSLv2:+SSLv3" it's work 
> fine without any error

Which TLS library is your slapd linked against? The cipher strings for 
OpenSSL are very different, for example, for the priority strings for 
GnuTLS.