Ali Gholami wrote:
Thanks Quanah, I could resolve the error but the error message was not helpful.
I stopped the apparmor service and used strace to debug. I realized the server certificate path was not defined correctly to be loaded.
I think "p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied" is not really the correct error message. It should be something like "certificate not found" etc.
Send a bug report to Ubuntu then, this error message comes from their GnuTLS library, not from OpenLDAP.
Ali
On 02/10/2014 10:09 PM, Quanah Gibson-Mount wrote:
--On Sunday, February 09, 2014 11:49 PM +0100 Ali Gholami gholami@kth.se wrote:
I used the debug mode:
slapd -d 2
52f80527 @(#) $OpenLDAP: slapd (Sep 19 2013 22:39:38) $
buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied
52f80527 main: TLS init def ctx failed: -1
52f80527 slapd stopped.
52f80527 connections_destroy: nothing to destroy.
Does anyone know why TLS ctx fails to initialize?
Because it gets permission denied when trying to access /etc/pkcs11/modules, exactly as it states.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration