4:57 a.m.
Hi there,
I'm using:
slapd -V
@(#) $OpenLDAP: slapd 2.4.21 (Mar 30 2011 18:32:32) $
buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
cat /etc/issue
Ubuntu 10.04.2 LTS \n \l
This is Ubuntu so openldap has been compiled with GnuTLS
ldd /usr/sbin/slapd
.
.
.
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb73a9000)
.
.
.
I've been following this guide
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html and the
section on TLS works perfectly if I follow the instructions to the letter.
That is, so long as the locations of olcTLSCACertificateFile,
olcTLSCertificate and olcTLSCertificateKeyFile are /etc/ssl/certs,
/etc/ssl/certs and /etc/ssl/private respectively, then slapd will
start. For example:
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem
However, if I change the location of any of these files slapd will fail
to start with the error "TLS init def ctx failed: -1".
Should anyone ask, yes I've doubled checked for correct file permissions
and searched for typos. The names of the files does not matter, just
their location.
These appears to be bug to me.
Regards,
Warren.
8:38 a.m.
On Sat, Apr 2, 2011 at 1:57 PM, Warren Howard <warren(a)madtechsupport.com>wrote:
Hi there,
I'm using:
slapd -V
@(#) $OpenLDAP: slapd 2.4.21 (Mar 30 2011 18:32:32) $
buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
cat /etc/issue
Ubuntu 10.04.2 LTS \n \l
This is Ubuntu so openldap has been compiled with GnuTLS
ldd /usr/sbin/slapd
.
.
.
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb73a9000)
.
.
.
I've been following this guide
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html and the
section on TLS works perfectly if I follow the instructions to the letter.
That is, so long as the locations of olcTLSCACertificateFile,
olcTLSCertificate and olcTLSCertificateKeyFile are /etc/ssl/certs,
/etc/ssl/certs and /etc/ssl/private respectively, then slapd will start.
For example:
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem
However, if I change the location of any of these files slapd will fail to
start with the error "TLS init def ctx failed: -1".
Should anyone ask, yes I've doubled checked for correct file permissions
and searched for typos. The names of the files does not matter, just their
location.
These appears to be bug to me.
Regards,
Warren.
Hi,
check your AppArmor configuration. I had same problem some times ago.
You have to add that dirs to apparmor-slapd conf and reload app armor rules.
Hope this helps
Marco
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
9:13 a.m.
On 02/04/11 9:08 PM, Marco Pizzoli wrote:
On Sat, Apr 2, 2011 at 1:57 PM, Warren Howard
<warren(a)madtechsupport.com <mailto:warren@madtechsupport.com>> wrote:
Hi there,
I'm using:
slapd -V
@(#) $OpenLDAP: slapd 2.4.21 (Mar 30 2011 18:32:32) $
buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
cat /etc/issue
Ubuntu 10.04.2 LTS \n \l
This is Ubuntu so openldap has been compiled with GnuTLS
ldd /usr/sbin/slapd
.
.
.
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb73a9000)
.
.
.
I've been following this guide
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
and the section on TLS works perfectly if I follow the
instructions to the letter.
That is, so long as the locations of olcTLSCACertificateFile,
olcTLSCertificate and olcTLSCertificateKeyFile are /etc/ssl/certs,
/etc/ssl/certs and /etc/ssl/private respectively, then slapd will
start. For example:
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem
olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem
However, if I change the location of any of these files slapd will
fail to start with the error "TLS init def ctx failed: -1".
Should anyone ask, yes I've doubled checked for correct file
permissions and searched for typos. The names of the files does
not matter, just their location.
These appears to be bug to me.
Regards,
Warren.
Hi,
check your AppArmor configuration. I had same problem some times ago.
You have to add that dirs to apparmor-slapd conf and reload app armor
rules.
Hope this helps
Marco
--
_________________________________________
Non è forte chi non cade, ma chi cadendo ha la forza di rialzarsi.
Jim Morrison
It was AppArmor.
Thanks heaps for that tip.
Regards,
Warren.
3943
days inactive
3943
days old
openldap-technical@openldap.org
2 comments
2 participants
participants (2)
-
Marco Pizzoli -
Warren Howard