Re: problem running TLS with ldap 2.2.17



Mike O'Rourke wrote:
Quanah Gibson-Mount <quanah@stanford.edu> 12/20/04 06:31am

--On Sunday, December 19, 2004 5:11 PM +0100 Guillaume Rousse <rousse@ccr.jussieu.fr> wrote:


Without TLS, slapd works OK. But when activating it, slapd refuses to start:
Dec 15 23:36:58 ryu slapd2.2[22683]: bdb_db_init: Initializing bdb database
Dec 15 23:36:58 ryu slapd2.2[22683]: main: TLS init def ctx failed: -1
Dec 15 23:36:58 ryu slapd2.2[22683]: slapd stopped.
Dec 15 23:36:58 ryu slapd2.2[22683]: connections_destroy: nothing to destroy.

Here is my TLS configuration:
# TLS configuration
TLSCertificateFile      /etc/ssl/crt/ldap.pem
TLSCertificateKeyFile   /etc/ssl/key/ldap.pem
TLSCACertificateFile    /etc/ssl/crt/ca.pem

This happens on mdk 10.1, with openldap 2.2.17. The same configuration, with the same certificates, works fine on Debian with openldap 2.1.29.

Any idea?

Start slapd with -d -1 and get a better error message?

--Quanah



Do the Debian (which works) and Mandrake (which does not work) systems
have the same FQDN? The certificate's CN part of the DN must match the
host name of the machine that starts OpenLDAP (see Admin Guide 11.1.1,
first sentence). IIRC, slapd will refuse to start if this is not the
case.

I just tried, but it was not the problem. BTW, slapd starts normally in such a situation, but any kind of ldaps connection fails.

--
Software bugs are impossible to detect by anybody except the end user.
	-- Murphy's Computer Laws n°10
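
Added example, not part of the original thread: a pre-flight check for the three TLS directives in the configuration quoted above. It confirms that each file exists, is readable by the invoking user, and holds the PEM block type its directive expects, so run it as the account slapd runs under. The function names and report labels are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight check of slapd.conf TLS directives.
# Function names and report labels are hypothetical, not part of OpenLDAP.

# PEM block type each directive is expected to point at.
expected_pem() {
    case "$1" in
        TLSCertificateFile|TLSCACertificateFile) echo 'CERTIFICATE' ;;
        TLSCertificateKeyFile)                   echo 'PRIVATE KEY' ;;
    esac
}

# check_slapd_tls CONF: one report line per directive; returns 1 on any problem.
check_slapd_tls() {
    conf=$1
    rc=0
    for directive in TLSCertificateFile TLSCertificateKeyFile TLSCACertificateFile; do
        # Commented-out lines never match: their first field starts with '#'.
        path=$(awk -v d="$directive" \
            'tolower($1) == tolower(d) { p = $2 } END { print p }' "$conf")
        want=$(expected_pem "$directive")
        # The pattern accepts "BEGIN CERTIFICATE", "BEGIN PRIVATE KEY",
        # "BEGIN RSA PRIVATE KEY" and similar typed headers.
        if [ -z "$path" ]; then
            echo "MISSING  $directive is not set in $conf"; rc=1
        elif [ ! -f "$path" ]; then
            echo "NOFILE   $directive $path does not exist"; rc=1
        elif [ ! -r "$path" ]; then
            echo "NOREAD   $directive $path is not readable by $(id -un)"; rc=1
        elif ! grep -Eq -- "^-----BEGIN ([A-Z0-9]+ )?$want-----" "$path"; then
            echo "BADPEM   $directive $path has no $want block"; rc=1
        else
            echo "OK       $directive $path"
        fi
        # A private key readable by every local user is reported, not failed.
        if [ "$directive" = TLSCertificateKeyFile ] && [ -f "$path" ] &&
           [ -n "$(find "$path" -prune -perm -004)" ]; then
            echo "WARN     $path is world-readable"
        fi
    done
    return "$rc"
}
```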