On 04/08/11 19:53 +0530, Naga Chaitanya Palle wrote:
> I am trying to configure TLS for my LDAP server. After successfully creating the below files, I try to start the LDAP server and it fails.
>
> /etc/openldap/cacerts/cacert.pem
> /etc/openldap/cacerts/slapd-cert.pem
> /etc/openldap/cacerts/slapd-key.pem
>
> The log shows the below messages:
>
> main: TLS init def ctx failed: -1
> slapd stopped.
> connections_destroy: nothing to destry.
What command line options are you passing to slapd? What version? What ssl library is your slapd linked against?
Do you get any helpful information when starting slapd in debug mode ('-d -1')?
> slapd.conf:
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/cacerts/slapd-cert.pem
> TLSCertificateKeyFile /etc/openldap/cacerts/slapd-key.pem
Does your openldap user/group have read access to all three files? Does commenting out your 'TLSCipherSuite' option make any difference?
> database bdb
> suffix "dc=comverse-in,dc=com"
> rootdn "cn=Manager,dc=comverse-in,dc=com"
> rootpw {SSHA}hBlwVEbzHMzm1Wof9Lb1dA/fcuJDt6pr
>
> /etc/openldap/ldap.conf:
>
> BASE dc=comverse-in,dc=com
> URI ldaps://devonly144.comverse-in.com
> TLS_CACERT /etc/openldap/cacerts/cacert.pem
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_REQCERT allow
>
> /etc/ldap.conf:
>
> base dc=comverse-in,dc=com
> uri ldaps://devonly144.comverse-in.com
> ssl on
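The questions above (can the slapd account read all three files, does the key actually belong to the certificate, does the certificate verify against the CA file) can be answered before restarting slapd. The script below is an added example written for this thread, not something posted by either participant or shipped with OpenLDAP; the function names are hypothetical and the three paths are passed in as arguments. It is meant to be run as the account slapd runs under (for example `su -s /bin/sh ldap -c './tlscheck.sh /etc/openldap/cacerts/cacert.pem /etc/openldap/cacerts/slapd-cert.pem /etc/openldap/cacerts/slapd-key.pem'`), because a file readable by root but not by that account is precisely the case that yields "TLS init def ctx failed" and nothing more useful in the log.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for the files named by
# TLSCACertificateFile / TLSCertificateFile / TLSCertificateKeyFile in slapd.conf.
# Function names are hypothetical; run as the slapd account, not as root.

# Every file must exist and be readable by the invoking user.
tls_files_readable() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2; rc=1
        elif [ ! -r "$f" ]; then
            echo "not readable by $(id -un): $f" >&2; rc=1
        fi
    done
    return $rc
}

# The private key should not be world-readable. Reads the "other" read bit
# (column 8 of ls -l), which works on both GNU and BSD userlands.
key_not_world_readable() {
    bit=$(ls -ld "$1" 2>/dev/null | cut -c8)
    [ "$bit" = "-" ]
}

# The certificate's public key must equal the one derived from the private key;
# a cert/key mismatch also makes TLS context initialisation fail. Returns 0 on
# match, 1 on mismatch or unreadable PEM. If openssl is not installed the check
# is skipped with a note rather than reported as a failure.
cert_matches_key() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping key match check" >&2; return 0; }
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# The server certificate must verify against the configured CA file; clients
# that require a valid peer certificate will otherwise refuse the connection.
cert_chains_to_ca() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping chain check" >&2; return 0; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run every check, in the order slapd would trip over them: CACERT CERT KEY.
check_tls_files() {
    ca=$1; cert=$2; key=$3
    tls_files_readable "$ca" "$cert" "$key" || return 1
    key_not_world_readable "$key" || { echo "private key is world-readable: $key" >&2; return 1; }
    cert_matches_key "$cert" "$key" || { echo "certificate does not match private key" >&2; return 1; }
    cert_chains_to_ca "$ca" "$cert" || { echo "certificate does not verify against CA file" >&2; return 1; }
    echo "all TLS file checks passed"
}

# Stand-alone use: ./tlscheck.sh CACERT CERT KEY
if [ "$#" -eq 3 ]; then
    check_tls_files "$1" "$2" "$3"
fi
```

Each check is a separate function so a single failing condition can be re-run on its own; `check_tls_files` stops at the first failure and prints which one it was, which is more than the "-1" in the slapd log offers.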