Hi all,I followed the TLS directives and was able to generate cacert, servercert and server key and also sign it. I also did the configuration o to /usr/local/etc/openldap/slapd.d/cn=config.ldif:
§ olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem
§ olcTLSCertificateFile: /usr/local/etc/openldap/servercrt.pem
§ olcTLSCertificateKeyFile: /usr/local/etc/openldap/serverkey.pem Everything was working fine but when I shut down slapd, it doesn't start and gives me this error daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)Feb 26 15:28:56 lap00551 slapd[14775]: main: TLS init def ctx failed: -1 Can Someone please tell me what the error is and how I fix the issue? Thanks Jeevan
On 02/26/15 20:53 +0000, jeevan kc wrote:
Hi all,I followed the TLS directives and was able to generate cacert, servercert and server key and also sign it. I also did the configuration o to /usr/local/etc/openldap/slapd.d/cn=config.ldif:
§ olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem
§ olcTLSCertificateFile: /usr/local/etc/openldap/servercrt.pem
§ olcTLSCertificateKeyFile: /usr/local/etc/openldap/serverkey.pem
Everything was working fine but when I shut down slapd, it doesn't start and gives me this error
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Feb 26 15:28:56 lap00551 slapd[14775]: main: TLS init def ctx failed: -1 Can Someone please tell me what the error is and how I fix the issue?
Which version of OpenLDAP, and which SSL library have you compiled against?
Verify permissions to the 3 files above, for the user that slapd is running as. Verify your configuration matches the configuration options necessary to support your SSL library. See slapd-config(5), and the TLS OPTIONS section.
Hi Dan,OpenLDAP version 2.4.30OpenSSL version 1.0.0dAre these two compatible? Also I've verified the permissions. Your reply is appreciated . Thanks Jeevan
Date: Thu, 26 Feb 2015 15:04:40 -0600 From: dwhite@cafedemocracy.org To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org Subject: Re: main: TLS init def ctx failed: -1
On 02/26/15 20:53 +0000, jeevan kc wrote:
Hi all,I followed the TLS directives and was able to generate cacert, servercert and server key and also sign it. I also did the configuration o to /usr/local/etc/openldap/slapd.d/cn=config.ldif:
§ olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem
§ olcTLSCertificateFile: /usr/local/etc/openldap/servercrt.pem
§ olcTLSCertificateKeyFile: /usr/local/etc/openldap/serverkey.pem
Everything was working fine but when I shut down slapd, it doesn't start and gives me this error
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Feb 26 15:28:56 lap00551 slapd[14775]: main: TLS init def ctx failed: -1 Can Someone please tell me what the error is and how I fix the issue?
Which version of OpenLDAP, and which SSL library have you compiled against?
Verify permissions to the 3 files above, for the user that slapd is running as. Verify your configuration matches the configuration options necessary to support your SSL library. See slapd-config(5), and the TLS OPTIONS section.
-- Dan White
Date: Thu, 26 Feb 2015 15:04:40 -0600 From: dwhite@cafedemocracy.org To: jeev_biz@hotmail.com CC: openldap-technical@openldap.org Subject: Re: main: TLS init def ctx failed: -1
On 02/26/15 20:53 +0000, jeevan kc wrote:
§ olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem § olcTLSCertificateFile: /usr/local/etc/openldap/servercrt.pem § olcTLSCertificateKeyFile: /usr/local/etc/openldap/serverkey.pem
Feb 26 15:28:56 lap00551 slapd[14775]: main: TLS init def ctx failed: -1 Can Someone please tell me what the error is and how I fix the issue?
Which version of OpenLDAP, and which SSL library have you compiled against?
Verify permissions to the 3 files above, for the user that slapd is running
On 02/26/15 21:30 +0000, jeevan kc wrote:
Hi Dan,OpenLDAP version 2.4.30OpenSSL version 1.0.0dAre these two compatible? Also I've verified the permissions. Your reply is appreciated . Thanks
Try increasing your debug log level, or starting slapd in debug mode for additional details.
Use 'openssl verify' (manpage verify(1)) to verify your cert. Running the command *as* your slapd user could also verify permissions.
Am Thu, 26 Feb 2015 20:53:22 +0000 schrieb jeevan kc jeev_biz@hotmail.com:
Hi all,I followed the TLS directives and was able to generate cacert, servercert and server key and also sign it. I also did the configuration o to /usr/local/etc/openldap/slapd.d/cn=config.ldif:
§ olcTLSCACertificateFile: /usr/local/etc/openldap/cacert.pem
§ olcTLSCertificateFile: /usr/local/etc/openldap/servercrt.pem
§ olcTLSCertificateKeyFile: /usr/local/etc/openldap/serverkey.pem Everything was working fine but when I shut down slapd, it doesn't start and gives me this error daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)Feb 26 15:28:56 lap00551 slapd[14775]: main: TLS init def ctx failed: -1 Can Someone please tell me what the error is and how I fix the issue? Thanks Jeevan
It seems your openldap version has not been build for ipv6 but your network provides ipv6.
-Dieter
openldap-technical@openldap.org
-
Dan White -
Dieter Klünter -
jeevan kc