On Wed, 5 Jan 2011 13:07:48 +0000, rui guideveloper@gmail.com wrote:
Hi,
The "is not readable by "ldap"" error happens when I start ldap using /etc/rc.d/init.d/ldap restart. These three lines are the source of the problem; if I remove them then no warning message on restart.
TLSCACertificateFile server.pem
TLSCertificateFile server.pem
TLSCertificateKeyFile server.pem
I have moved this file to /etc/openldap/cacerts and changed the above three paths accordingly. I have also modified ldap.conf to have TLS_CACERT, which allows me to do ldapsearch (before, it was giving an ssl verify problem) now with ldaps://localhost on the same system.
I still get this when I restart the ldap server using /etc/rc.d/init.d/ldap restart. Notice the er.pem after ldap: is it not picking up the path correctly, or is it a harmless warning? Now that ldaps is working, I think it is harmless.
It seems to be a typo, and check permissions of the certificates.
is not readable by "ldap"er.pem [WARNING]
is not readable by "ldap"er.pem [WARNING]
is not readable by "ldap"er.pem [WARNING]
Checking configuration files for slapd: [ OK ]
Starting slapd: [ OK ]
[...]
In order to check TLS connectivity run

  openssl s_client -connect host:636 -CAfile /path/to/ca \
    -showcerts
-Dieter
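
Added example, not part of the original thread: a shell check that follows the advice above to check the certificate permissions, by reading the three TLS directives from a slapd.conf and testing each path. The function name and the status words are made up for this example. The carriage-return test is an assumption about one way a terminal can show "er.pem" after the message (a path that ends in CR); the thread does not confirm it.

```shell
#!/bin/sh
# Added example: check the TLS file paths named in a slapd.conf.
# Run it as the account slapd runs under (the "ldap" user in the thread),
# e.g. through su or sudo, so the -r test reflects that account's access.
# Directive names are matched exactly as spelled in the thread.

check_tls_paths() {
    cr=$(printf '\r')          # a literal carriage return
    status=0
    # read splits on blanks only, so a trailing CR stays attached to $path
    while read -r directive path || [ -n "$directive" ]; do
        case $directive in
            TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile) ;;
            *) continue ;;     # comments and unrelated directives
        esac
        case $path in
            *"$cr"*)
                # Assumption: CRLF line endings make the path unusable
                result=stray-CR ;;
            *)
                if [ ! -e "$path" ]; then
                    result=missing
                elif [ ! -r "$path" ]; then
                    result=unreadable
                elif [ "$directive" = TLSCertificateKeyFile ] &&
                     [ -n "$(find "$path" -prune -perm -004 -print)" ]; then
                    # private key readable by every local account
                    result=key-world-readable
                else
                    result=ok
                fi ;;
        esac
        # strip the CR for display so the report line itself stays legible
        printf '%s %s %s\n' "$directive" "$result" \
            "$(printf '%s' "$path" | tr -d '\r')"
        [ "$result" = ok ] || status=1
    done < "$1"
    return $status
}

# Usage: sh check_tls.sh /etc/openldap/slapd.conf
[ $# -eq 0 ] || check_tls_paths "$1"
```

The function returns non-zero when any of the three paths is not "ok", so it can gate a restart.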