On 12/17/2015 07:14 PM, Ryan Tandy wrote:
On Thu, Dec 17, 2015 at 06:02:02PM +0300, Andrei Valoshyn wrote:
In debug slapd -d -1 output I saw that ldap is trying to load from the /etc/ldap/slap.d/ directory although I had put "SLAPD_CONF=/etc/ldap/slapd.conf" in /etc/default/slapd. After I cleaned up the /etc/ldap/slap.d/ directory, ldap starts loading the db and schema, but still can't start, with the error:

"
TLS: could not set cipher list HIGH:+TLSv1:+SSLv2:+SSLv3.
56728db6 main: TLS init def ctx failed: -1
56728db6 slapd destroy: freeing system resources.
56728db6 syncinfo_free: rid=115
56728db6 slapd stopped.
56728db6 connections_destroy: nothing to destroy.
"

When I try "openssl ciphers -v HIGH:+TLSv1:+SSLv2:+SSLv3" it works fine without any error.
Which TLS library is your slapd linked against? The cipher strings for OpenSSL are very different, for example, from the priority strings for GnuTLS.
Issue was fixed. I had incorrect SSL certificates. Thanks guys!
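
One way to answer the question above about which TLS library slapd is linked against, and to test a cipher string with that library's own tool instead of always using openssl. This is an added example, not part of the original thread: the function names and the sample ldd output are constructed, and it assumes ldd plus either openssl or gnutls-cli is installed.

```shell
#!/bin/sh
# Added example (not from the thread): find the TLS backend of a binary from
# its `ldd` output, then test a cipher string with the matching tool.

# Constructed sample of `ldd` output for a slapd built against GnuTLS.
SAMPLE_LDD='	libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
	libgnutls-deb0.so.28 => /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6'

# Read `ldd` output on stdin; print gnutls, openssl, both, or unknown.
# "both" means another dependency pulls in the second library, so the
# result is ambiguous and the package build options must be checked.
tls_backend() {
    awk '
        /libgnutls/ { g = 1 }
        /libssl/    { o = 1 }
        END {
            if (g && o) print "both"
            else if (g) print "gnutls"
            else if (o) print "openssl"
            else        print "unknown"
        }'
}

# Test a cipher/priority string with the tool that matches the backend.
# Returns 0 if accepted, 1 if rejected, 2 if it cannot be checked here.
check_cipher_string() {
    backend=$1
    spec=$2
    case $backend in
        openssl)
            command -v openssl >/dev/null 2>&1 || return 2
            openssl ciphers -v "$spec" >/dev/null 2>&1 || return 1 ;;
        gnutls)
            command -v gnutls-cli >/dev/null 2>&1 || return 2
            gnutls-cli --list --priority "$spec" >/dev/null 2>&1 || return 1 ;;
        *)
            return 2 ;;
    esac
    return 0
}

# Typical use on the server itself:
#   backend=$(ldd "$(command -v slapd)" | tls_backend)
#   check_cipher_string "$backend" 'HIGH:+TLSv1:+SSLv2:+SSLv3'
```

A string that passes "openssl ciphers" says nothing about a slapd whose backend is reported as gnutls, which is the distinction the reply draws.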