--On Monday, April 12, 2010 6:13 PM -0400 Lynn York lynn.york@mavenwire.com wrote:
Here is my /etc/openldap/ldap.conf:
uri ldaps://localhost
base cn=users,dc=testing,dc=com
tls_cacert /etc/openldap/cacerts/ca.key
tls_cacertdir /etc/openldap/cacerts
tls_reqcert allow
You specify *one* of the two options (either TLS_CACERT or TLS_CACERTDIR). Not both. If you are specifying the file, then it needs to be the cert, not the key.
TLS: could not load verify locations (file:`/etc/openldap/cacerts/ca.key',dir:`/etc/openldap/cacerts').
However, the certs and keys do exist.
ls -al /etc/openldap/cacerts/
total 44
drwxr-xr-x 3 ldap ldap 4096 Apr 12 13:48 .
drwxr-xr-x 4 ldap ldap 4096 Apr 12 18:09 ..
drwxr-xr-x 2 ldap ldap 4096 Apr 12 13:45 backup
-rw-r--r-- 1 ldap ldap 1805 Apr 12 13:46 ca.cert
-rw-r--r-- 1 ldap ldap 1679 Apr 12 13:46 ca.key
What about the permissions on /etc/openldap and /etc/openldap/cacerts?
I.e., if you su - ldap, can you actually read /etc/openldap/cacerts/ca.cert?
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
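The two checks in the reply above (one of TLS_CACERT/TLS_CACERTDIR, and the file must be a certificate the client user can read), as an added shell script that is not part of the thread. Paths, file contents and the demo ldap.conf files are constructed fixtures; the `tls_reqcert demand` value in the corrected file is an assumption about what the reader wants, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check TLS_CACERT / TLS_CACERTDIR
# in an ldap.conf. Paths and file contents below are constructed for the demo.

# check_ldap_conf FILE -> prints findings, returns 0 if clean, 1 otherwise
check_ldap_conf() {
    conf="$1"; rc=0
    # ldap.conf option names are case-insensitive; take the last value of each.
    cacert=$(awk 'tolower($1)=="tls_cacert"    {v=$2} END{print v}' "$conf")
    cadir=$(awk  'tolower($1)=="tls_cacertdir" {v=$2} END{print v}' "$conf")

    if [ -n "$cacert" ] && [ -n "$cadir" ]; then
        echo "WARN: both TLS_CACERT and TLS_CACERTDIR set; keep only one"; rc=1
    fi
    if [ -n "$cacert" ]; then
        if [ ! -r "$cacert" ]; then
            echo "ERR: $cacert is not readable by $(id -un)"; rc=1
        elif grep -q 'PRIVATE KEY' "$cacert"; then
            echo "ERR: $cacert is a private key, not a CA certificate"; rc=1
        elif ! grep -q 'BEGIN CERTIFICATE' "$cacert"; then
            echo "ERR: $cacert does not contain a PEM certificate"; rc=1
        fi
    fi
    if [ -n "$cadir" ] && [ ! -r "$cadir" ]; then
        echo "ERR: directory $cadir is not readable by $(id -un)"; rc=1
    fi
    return $rc
}

# Constructed fixture reproducing the misconfiguration from the thread.
demo_dir=$(mktemp -d)
printf -- '-----BEGIN RSA PRIVATE KEY-----\nMIIB...\n-----END RSA PRIVATE KEY-----\n' > "$demo_dir/ca.key"
printf -- '-----BEGIN CERTIFICATE-----\nMIIC...\n-----END CERTIFICATE-----\n' > "$demo_dir/ca.cert"
cat > "$demo_dir/bad.conf" <<EOF
uri ldaps://localhost
base cn=users,dc=testing,dc=com
tls_cacert $demo_dir/ca.key
tls_cacertdir $demo_dir
tls_reqcert allow
EOF
# Corrected file: only TLS_CACERT, pointing at the certificate; "demand" (assumed
# preference) makes the client refuse servers whose cert cannot be verified.
cat > "$demo_dir/good.conf" <<EOF
uri ldaps://localhost
base cn=users,dc=testing,dc=com
tls_cacert $demo_dir/ca.cert
tls_reqcert demand
EOF
```

Run it as the account the LDAP client actually uses (the reply's `su - ldap`) so the readability checks reflect that user's permissions rather than root's.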