Hi everybody,

I would like to apologize for this email discussion, especially to Quanah and Howard. After a ton of emails sent, especially Quanah's last email, I've finally understood my error. Because it was a beginner's error, I'm very embarrassed to have importuned you about it.

Then, I would like to apologize to Quanah, Howard and everyone on the openldap-technical@openldap.org list for the time spent on this problem.

Finally, I would like to thank everyone involved who has helped me to solve my problem.

Note: I removed -aes256 when I generated the server key, so that the key is not encrypted. Then I got to add all olcTLS* entries with ldapmodify and the LDIF file described in previous emails.

--
Igor Sousa


On Thu, Jul 18, 2019 at 17:35, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Thursday, July 18, 2019 1:08 PM -0700 Quanah Gibson-Mount
<quanah@symas.com> wrote:

>>  build@c7rpm:/home/build/git/rheldap/RHEL7_x86_64/BUILD...lapd
>> Jul 18 11:55:29 localhost.localdomain slapd[2133]: main: TLS init def ctx
>> failed: -1
>> Jul 18 11:55:29 localhost.localdomain slapd[2133]: Enter PEM pass phrase:
>
> This clearly indicates your key file is password protected, which is not
> supported.

To be clear, it's not supported to use a password protected key file and
then try and start slapd via an automated init system such as systemd.  To
use a password protected key file requires that you start slapd manually so
you can provide the password as part of the startup process so slapd can
access it.

Regards,
Quanah




--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
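
Added example (not part of the original thread, and not OpenLDAP's own tooling): a POSIX shell pre-flight check that reports whether a PEM key file is passphrase-protected before it is referenced from the olcTLS* settings and slapd is started by systemd. The helper names `check_tls_key` and `make_samples` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: detect a passphrase-protected PEM key
# before slapd is started unattended (an init system cannot answer the
# "Enter PEM pass phrase:" prompt). check_tls_key is a hypothetical helper name.
# Returns 0 = unencrypted key, 1 = encrypted key, 2 = unreadable or not a PEM key.
check_tls_key() {
    key="$1"
    [ -r "$key" ] || return 2
    # PKCS#8 encrypted keys have their own PEM label.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        return 1
    fi
    # Traditional-format encrypted keys keep the normal label and add this header.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$key"; then
        return 1
    fi
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$key"; then
        return 0
    fi
    return 2
}

# Constructed sample files: PEM framing only, the bodies are not real keys.
make_samples() {
    d="$1"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/plain.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/pkcs8-enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$d/legacy-enc.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/server.crt"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in plain.key pkcs8-enc.key legacy-enc.key server.crt; do
    rc=0
    check_tls_key "$tmp/$f" || rc=$?
    case $rc in
        0) echo "$f: unencrypted key, usable by slapd under systemd" ;;
        1) echo "$f: passphrase-protected, slapd would prompt and fail" ;;
        *) echo "$f: not a readable PEM private key" ;;
    esac
done
rm -rf "$tmp"
```

An unencrypted key relies on file permissions alone, so keep it readable only by the account slapd runs as.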