I installed an LDAP server following the instructions at "https://help.ubuntu.com/12.04/serverguide/openldap-server.html" and added TLS authentication using:
---
dn: cn=config
# changetype added here for clarity: ldapmodify already defaults to modify
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldapcert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldapkey.pem
---
After adding this config the server won't start. I checked my certificates and they seem to have the correct ownership/permissions and to be correctly signed:
---
ls -ali /etc/ldap/ssl/
3279904 drwxr-xr-x 2 openldap openldap 4096 Feb  9 23:19 .
3276955 drwxr-xr-x 7 root     root     4096 Feb  9 22:48 ..
3278016 -rw-r--r-- 1 openldap openldap 1159 Feb  9 23:18 cacert.pem
3278017 -rw-r--r-- 1 openldap openldap 1046 Feb  9 23:19 ldapcert.pem
3278018 -rw-r----- 1 openldap ssl-cert  887 Feb  9 23:19 ldapkey.pem
---
I used the debug mode:
---
slapd -d 2
52f80527 @(#) $OpenLDAP: slapd  (Sep 19 2013 22:39:38) $
        buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied
52f80527 main: TLS init def ctx failed: -1
52f80527 slapd stopped.
52f80527 connections_destroy: nothing to destroy.
---
Does anyone know why TLS ctx fails to initialize?
Thanks in advance for your answer,
Ali
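The checks the question describes doing by hand (ownership, permissions, signature), as an added shell example that is not part of the original post and does not diagnose the failure above. It goes one step beyond the question by also confirming that the private key actually belongs to the certificate and that the key is not world-readable. It assumes a Linux or BSD host with stat and an openssl binary in PATH; the file paths and the service user openldap in the usage comment are taken from the question, and check_ldap_tls.sh is a hypothetical script name.

```shell
#!/bin/sh
# Added example, not code from the original post. Pre-flight checks for the
# three files an olcTLS* modification hands to slapd. Assumes stat (GNU or
# BSD) and an openssl binary in PATH; paths and the "openldap" user in the
# usage comment at the bottom are taken from the question.

# Portable wrappers: GNU stat first, BSD stat as fallback.
owner_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }
mode_octal() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_key_perms FILE UID
# Succeeds when FILE is a regular file owned by numeric UID and not readable
# by "other"; prints the first problem found and fails otherwise.
check_key_perms() {
  file=$1
  want_uid=$2
  [ -f "$file" ] || { echo "missing or not a regular file: $file"; return 1; }
  owner=$(owner_uid "$file") || return 1
  mode=$(mode_octal "$file") || return 1
  if [ "$owner" != "$want_uid" ]; then
    echo "wrong owner on $file: uid $owner (expected $want_uid)"; return 1
  fi
  # Last octal digit is the "other" class; a set read bit (4) means the key leaks.
  other=${mode#"${mode%?}"}
  if [ $(( other & 4 )) -ne 0 ]; then
    echo "world-readable private key: $file (mode $mode)"; return 1
  fi
  return 0
}

# check_cert_chain CA CERT KEY
# Succeeds when CERT verifies against CA and KEY's public key equals CERT's.
check_cert_chain() {
  ca=$1
  cert=$2
  key=$3
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "$cert does not verify against $ca"; return 1
  fi
  # Compare SubjectPublicKeyInfo blocks rather than RSA moduli so the check
  # works for any key type openssl pkey understands.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "$key does not match $cert"; return 1
  fi
  return 0
}

# check_tls_files CA CERT KEY UID
# Runs all checks in sequence; returns 0 only if every one passes.
check_tls_files() {
  ca_file=$1; cert_file=$2; key_file=$3; svc_uid=$4
  for f in "$ca_file" "$cert_file"; do
    [ -r "$f" ] || { echo "unreadable: $f"; return 1; }
  done
  check_key_perms "$key_file" "$svc_uid" || return 1
  check_cert_chain "$ca_file" "$cert_file" "$key_file" || return 1
  echo "ok: $ca_file $cert_file $key_file"
  return 0
}

# Usage (run as root, since the key is mode 640 and must be readable here):
#   sh check_ldap_tls.sh /etc/ldap/ssl/cacert.pem /etc/ldap/ssl/ldapcert.pem \
#      /etc/ldap/ssl/ldapkey.pem "$(id -u openldap)"
if [ $# -eq 4 ]; then
  check_tls_files "$@"
fi
```

The key/certificate match is done by comparing the PEM public-key output of `openssl x509 -pubkey` and `openssl pkey -pubout`, which is key-type agnostic; the permission check deliberately looks only at the "other" read bit, so a key owned by the service user with a group such as ssl-cert (as in the listing above) passes.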