
Re: openldap failing to launch if SSL/TLS enabled. error "main: TLS init def ctx failed: -1" ?



Ben Wailea, openldap-software wrote:
> On Fri, Aug 15, 2008 at 3:50 PM, Howard Chu <hyc@symas.com> wrote:
>> Most likely a file permissions error; he said he's using the same cert/key
>> file as for his Apache server, but most likely the key file is not readable
>> by the ldap user.
>
> msgs crossed in the mail, but seems to be the case.
>
> again, any issues/problems running openldap as ldap:root, or root:root?
>
> or is it 'better' to just make copies of the certs, chown the copies
> to ldap:ldap, and live with multiple instances?

Personally I would put ldap and apache into a group and make the key readable to that specific group.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
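
The shared-group arrangement suggested in the reply above, as an added example that is not part of the original message: the setup commands are shown as comments, and the function audits the result. The group name `tlskey`, the key path and the account names `ldap` and `apache` are assumptions; `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# One-time setup as root (one key file, one shared group, no copies).
# "tlskey", the path and the account names are assumptions for illustration:
#   groupadd tlskey
#   usermod -aG tlskey ldap
#   usermod -aG tlskey apache
#   chgrp tlskey /etc/ssl/private/server.key
#   chmod 640 /etc/ssl/private/server.key
#   (restart slapd and Apache so they pick up the new group membership)

# check_key_perms FILE GROUP [USER...]
# Returns 0 only if FILE is group-owned by GROUP, readable but not writable
# by that group, closed to "other", and every USER is a member of GROUP.
check_key_perms() {
    file=$1; want_group=$2; shift 2
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found" >&2
        return 2
    fi
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 640
    group=$(stat -c '%G' "$file")    # owning group name
    bits=$((0$mode))                 # leading 0: parse the mode as octal
    other=$((bits & 7))
    grp=$(((bits >> 3) & 7))
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group" >&2; rc=1
    fi
    if [ $((grp & 4)) -eq 0 ]; then
        echo "FAIL: mode $mode gives the group no read access" >&2; rc=1
    fi
    if [ $((grp & 2)) -ne 0 ]; then
        echo "FAIL: mode $mode lets the group modify the key" >&2; rc=1
    fi
    if [ "$other" -ne 0 ]; then
        echo "FAIL: mode $mode exposes the key to all local users" >&2; rc=1
    fi
    for u in "$@"; do
        if ! id -Gn "$u" 2>/dev/null | tr ' ' '\n' | grep -qx "$want_group"; then
            echo "FAIL: user $u is not in group $want_group" >&2; rc=1
        fi
    done
    return $rc
}

# Example call (assumed names): check_key_perms /etc/ssl/private/server.key tlskey ldap apache
```

A non-zero result for the `ldap` account corresponds to the unreadable-key condition discussed in this thread.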