Quanah Gibson-Mount quanah@symas.com schrieb am 18.07.2019 um 22:35 in
Nachricht <0DBBAC4F8151F9DFD2CCA8D6@[192.168.1.39]>:
--On Thursday, July 18, 2019 1:08 PM -0700 Quanah Gibson-Mount quanah@symas.com wrote:
build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD...lapd Jul 18 11:55:29 localhost.localdomain slapd[2133]: main: TLS init def ctx failed: -1 Jul 18 11:55:29 localhost.localdomain slapd[2133]: Enter PEM pass phrase:
This clearly indicates your key file is password protected, which is not supported.
To be clear, it's not supported to use a password protected key file and then try and start slapd via an automated init system such as systemd. To use a password protected key file requires that you start slapd manually so you can provide the password as part of the startup process so slapd can access it.
Well, it wopuldn't really add security, but maybe slapd should have a mechanism to read the private key's password from some file or pipe in the future.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com