On Thu, Dec 17, 2015 at 06:02:02PM +0300, Andrei Valoshyn wrote:
In debug slapd -d -1 output I saw that ldap is trying to load from the /etc/ldap/slap.d/ directory although I had put "SLAPD_CONF=/etc/ldap/slapd.conf" in /etc/default/slapd. After I cleaned up the /etc/ldap/slap.d/ directory, ldap starts loading the db and schema, but still can't start, with the error:

"
TLS: could not set cipher list HIGH:+TLSv1:+SSLv2:+SSLv3.
56728db6 main: TLS init def ctx failed: -1
56728db6 slapd destroy: freeing system resources.
56728db6 syncinfo_free: rid=115
56728db6 slapd stopped.
56728db6 connections_destroy: nothing to destroy.
"

When I try "openssl ciphers -v HIGH:+TLSv1:+SSLv2:+SSLv3" it works fine without any error.
Which TLS library is your slapd linked against? The cipher strings for OpenSSL are very different from, for example, the priority strings for GnuTLS.