[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unable to start slapd using SSL/TLS

To: greg.martin18@verizon.net
Subject: Re: Unable to start slapd using SSL/TLS
From: Jon Roberts <jon@jonanddeb.net>
Date: Sat, 25 Feb 2006 20:54:11 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <4400EFD6.9020309@gmartin.org>
References: <4400EFD6.9020309@gmartin.org>
User-agent: Mozilla Thunderbird 1.0.6-1.1.fc4 (X11/20050720)

Greg Martin wrote:

My startup command uses -u ldap -g ldap and I have /etc/cert world
readable with the following perms:

drwxr-xr-x    2 root    root       144 2005-11-15 00:17 cert/
-rwxr-xr-x  1 root root  951 2005-10-13 21:16 /etc/cert/cacert.pem
-rwxr-xr-x  1 root root 3725 2005-10-13 21:19 /etc/cert/servercrt.pem
-rwxr-xr-x  1 root root 1620 2005-10-13 21:18 /etc/cert/serverkey.pem

I can't speak to your problem, but I would recommend you not leave the serverkey.pem file world readable. The private key should be read accessible to the user who runs slapd (ie. ldap).

I also have openssl.cnf available & readable
-rwxr-xr-x  1 root root 9446 2006-02-25 17:16 openssl.cnf


I don't believe this is relevant to OpenLDAP at all.

Jon Roberts
www.mentata.com

References:
- Unable to start slapd using SSL/TLS
  - From: Greg Martin <gmartin@gmartin.org>

Prev by Date: Re: ldapmodify
Next by Date: Re: Unable to start slapd using SSL/TLS
Index(es):
- Chronological
- Thread