--On Tuesday, September 25, 2012 6:20 PM -0700 Brian Empson <brian_empson(a)yahoo.com&gt; wrote: 95% of the time, this means slapd can't access the files you have specified. This could be blocked by things like AppArmor in addition to file/directory permissions. At a guess, your permissions on /etc/openldap/ssl are wrong, as it is missing "x". I would suggest you try reading the various files "as" the _openldap user using sudo. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

Brian: Check the permission of your cert and key files. Thanks a lot! Yan From: openldap-technical-bounces(a)OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Brian Empson Sent: Tuesday, September 25, 2012 9:20 PM To: openldap-technical(a)openldap.org Subject: TLS error on startup Hello, I'm having an issue starting up slapd with TLS enabled. I tried to search for the error code but I couldn't find any GnuTLS error codes that match. Here are the log entries that appear: Sep 25 21:07:05 dir0 slapd[15018]: main: TLS init def ctx failed: -1 Sep 25 21:07:05 dir0 slapd[15018]: DIGEST-MD5 common mech free Sep 25 21:07:05 dir0 slapd[15018]: slapd stopped. Sep 25 21:07:05 dir0 slapd[15018]: connections_destroy: nothing to destroy. Is there a way to check and see if this build is enabled with TLS support? I installed it from a package manager rather than compiling it. Here are the TLS portions of the config: # SSL TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /etc/ssl/ca.pem TLSCertificateFile /etc/openldap/ssl/server.pem TLSCertificateKeyFile /etc/openldap/ssl/server.key TLSVerifyClient demand Here are the files listed: (I changed the permissions during troubleshooting) [09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah ssl total 12 drw------- 2 _openldap _openldap 512B Sep 25 19:59 . drwxr-xr-x 4 root wheel 512B Sep 25 19:54 .. -rwxrwxrwx 1 _openldap _openldap 3B Sep 25 20:08 digits.srl -rwxrwxrwx 1 _openldap _openldap 887B Sep 25 19:56 server.key -rwxrwxrwx 1 _openldap _openldap 904B Sep 25 20:08 server.pem -rwxrwxrwx 1 _openldap _openldap 684B Sep 25 19:57 server.req [09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah /etc/ssl total 170 drwxr-xr-x 4 root wheel 512B Sep 25 19:52 . drwxr-xr-x 27 root wheel 2.5K Sep 24 20:50 .. -rw-r--r-- 1 root wheel 912B Sep 23 16:30 ca.crt -rw-r--r-- 1 root wheel 912B Sep 25 19:52 ca.pem -rw-r--r-- 1 root wheel 17B Sep 23 17:51 ca.srl -r--r--r-- 1 root bin 147K Feb 12 2012 cert.pem drwxr-xr-x 2 root wheel 512B Feb 12 2012 lib -r--r--r-- 1 root bin 1.6K Feb 12 2012 openssl.cnf drwx------ 2 root wheel 512B Sep 23 16:29 private -rw-r--r-- 1 root wheel 1.0K Sep 25 19:52 privkey.pem -r--r--r-- 1 root bin 1005B Feb 12 2012 x509v3.cnf Is this an issue with the build I'm running? (SSL not enabled or?) Thanks! Brian