(ITS#4378) SSL/TLS causes OpenLDAP failure at start

Full_Name: Taylor Boyko
Version: 2.3.11
OS: FreeBSD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (72.1.167.74)


When trying to build in SSL/TLS support on OpenLDAP 2.3.11 (built from FreeBSD
ports), slapd crashes when loading. Below is an error from debug.log:

Jan 29 19:27:32 utility slapd[57534]: @(#) $OpenLDAP: slapd 2.3.11 (Jan 29 2006
18:46:21) $     root@utility.psn:/usr/ports/net/openldap23-server/work/openldap-2.3.11/servers/slapd
Jan 29 19:27:32 utility slapd[57534]: main: TLS init def ctx failed: -1
Jan 29 19:27:32 utility slapd[57534]: slapd stopped.
Jan 29 19:27:32 utility slapd[57534]: connections_destroy: nothing to destroy.


Below are the config lines in slapd.conf for TLS:

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/ssl/ldap.cert
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap.key


/etc/rc.conf reflects what the build process recommended be entered:

slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/";'
slapd_sockets="/var/run/openldap/ldapi"


The certificates were generated like so:

openssl req -new > ldap.csr
openssl rsa -in privkey.pem -out ldap.key
openssl x509 -in ldap.csr -out ldap.cert -req -signkey ldap.key -days 365
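As an added diagnostic (not part of this report or of OpenLDAP), the POSIX sh script below reads the three TLS directives shown above from a slapd.conf and runs the checks a "TLS init def ctx failed" message calls for: that the certificate and key files are readable by the user slapd runs as, that ldap.key belongs to ldap.cert, and whether the local openssl(1) accepts the configured cipher string. It assumes single-token directive values and an RSA key, as in the configuration and commands above; the function names are my own.

```sh
#!/bin/sh
# Added diagnostic helper for slapd TLS start-up failures (not OpenLDAP code).
# Usage: sh slapd-tls-check.sh /usr/local/etc/openldap/slapd.conf

# Print the value of a slapd.conf directive (first match, case-insensitive).
slapd_directive() {  # $1 = conf path, $2 = directive name
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# 0 if the file exists and is readable by the current user; run this as the
# user slapd drops to, so permission problems show up as they would for slapd.
file_readable() {
    [ -f "$1" ] && [ -r "$1" ]
}

# 0 if the RSA key belongs to the certificate (same modulus), 1 if a file is
# unreadable, 2 if openssl(1) is missing, 3 on mismatch.
key_matches_cert() {  # $1 = cert path, $2 = key path
    file_readable "$1" && file_readable "$2" || return 1
    command -v openssl >/dev/null 2>&1 || return 2
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ] || return 3
}

# 0 if the local OpenSSL accepts the cipher string, 2 if openssl(1) is
# missing, 3 if it rejects the string (e.g. an alias this build lacks).
cipher_string_ok() {  # $1 = TLSCipherSuite value
    command -v openssl >/dev/null 2>&1 || return 2
    openssl ciphers "$1" >/dev/null 2>&1 || return 3
}

# Run every check against a slapd.conf and print one line per result.
check_slapd_tls() {  # $1 = slapd.conf path
    cert=$(slapd_directive "$1" TLSCertificateFile)
    key=$(slapd_directive "$1" TLSCertificateKeyFile)
    suite=$(slapd_directive "$1" TLSCipherSuite)
    for f in "$cert" "$key"; do
        file_readable "$f" && echo "ok    readable: $f" || echo "FAIL  unreadable: $f"
    done
    rc=0; key_matches_cert "$cert" "$key" || rc=$?
    case $rc in 0) echo "ok    key matches certificate" ;;
                2) echo "skip  openssl not found" ;;
                *) echo "FAIL  key/certificate check failed (rc=$rc)" ;; esac
    rc=0; cipher_string_ok "$suite" || rc=$?
    case $rc in 0) echo "ok    cipher string accepted: $suite" ;;
                2) echo "skip  openssl not found" ;;
                *) echo "FAIL  cipher string rejected by this OpenSSL: $suite" ;; esac
}

if [ "$#" -gt 0 ]; then check_slapd_tls "$1"; fi
```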