James Hartley wrote:
I am working this issue myself... see the following 3 references.
Followed this to the letter, yet when I attempt to restart slapd, I get:
slapd[34145]: main: TLS init def ctx failed: -1 slapd[34145]: slapd stopped.
in my logs. Googling sheds no light. Thoughts? OS is FreeBSD, for reference, so a lot of Solaris advice is probably applicable.
-- Jay
Probably worth mentioning the lines from slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/local/etc/openldap/cacert.pem TLSCertificateFile /usr/local/etc/openldap/servercrt.pem TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
All files exist, and appear to be correct.
-- Jay
--On Wednesday, July 25, 2007 2:33 PM -0700 Jay Chandler chandler.lists@chapman.edu wrote:
Probably worth mentioning the lines from slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/local/etc/openldap/cacert.pem TLSCertificateFile /usr/local/etc/openldap/servercrt.pem TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
All files exist, and appear to be correct.
And are they readable by the slapd user?
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Quanah Gibson-Mount wrote:
--On Wednesday, July 25, 2007 2:33 PM -0700 Jay Chandler chandler.lists@chapman.edu wrote:
Probably worth mentioning the lines from slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/local/etc/openldap/cacert.pem TLSCertificateFile /usr/local/etc/openldap/servercrt.pem TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
All files exist, and appear to be correct.
And are they readable by the slapd user?
Oh jeez-- that got it.
Thanks!
--Jay
On 7/25/07, Jay Chandler chandler.lists@chapman.edu wrote:
James Hartley wrote:
I am working this issue myself... see the following 3 references.
Followed this to the letter, yet when I attempt to restart slapd, I get:
slapd[34145]: main: TLS init def ctx failed: -1 slapd[34145]: slapd stopped.
in my logs. Googling sheds no light. Thoughts? OS is FreeBSD, for reference, so a lot of Solaris advice is probably applicable.
-- Jay
I'm afraid I am no help, but did want to mention, I am having the same problem with a Debian machine. I have also made many attempts, following several instruction sets on how to create the certificates, to no avail, and the same error message...
~maria
"Maria McKinley" parody@u.washington.edu writes:
On 7/25/07, Jay Chandler chandler.lists@chapman.edu wrote:
Followed this to the letter, yet when I attempt to restart slapd, I get:
slapd[34145]: main: TLS init def ctx failed: -1 slapd[34145]: slapd stopped.
in my logs. Googling sheds no light. Thoughts? OS is FreeBSD, for reference, so a lot of Solaris advice is probably applicable.
I'm afraid I am no help, but did want to mention, I am having the same problem with a Debian machine. I have also made many attempts, following several instruction sets on how to create the certificates, to no avail, and the same error message...
You pretty much have to run slapd with -d in order to get any useful error messages. Try starting with slapd -d 1 and increase to 3, 7, 15, 31, 63, and so forth (2^n - 1) to add more bits to the debug bitmask until you get some useful error message.
openldap-software@openldap.org
-
Jay Chandler -
Maria McKinley -
Michael Ströder -
Quanah Gibson-Mount -
Russ Allbery