[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP/TLS main: TLS init def ctx failed: -207

To: openldap-software@openldap.org
Subject: OpenLDAP/TLS main: TLS init def ctx failed: -207
From: Technical Home <technicalhome@aliceadsl.fr>
Date: Sun, 25 Jan 2009 19:05:05 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

Hello,

I now try to add SSL/TLS support to my OpenLDAP server 2.4.11 . So I create a CA and a signed certificate by this CA. This point seems to be ok :

------------------------------------------------------------------------------------------------------------------------------------------------------ root@SERVER:~# openssl verify -CAfile /etc/ssl/certs/cacert.pem /etc/ssl/certs/SERVER.crt /etc/ssl/certs/SERVER.crt: OK ------------------------------------------------------------------------------------------------------------------------------------------------------

And i add it to my slapd configuration with following commands as specified in the ubuntu documentation (https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html#openldap-configuration)

------------------------------------------------------------------------------------------------------------------------------------------------------
root@SERVER:~# ldapmodify -x -D cn=admin,cn=config -W
Enter LDAP Password:
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/SERVER.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/cakey.pem

modifying entry "cn=config"
------------------------------------------------------------------------------------------------------------------------------------------------------

But when restarting slapd, I always obtain this output : ------------------------------------------------------------------------------------------------------------------------------------------------------ root@SERVER:~# slapd -h 'ldap://127.0.0.1:389 ldaps://192.168.1.200:636' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d 16383 @(#) $OpenLDAP: slapd 2.4.11 (Oct 24 2008 23:44:05) $ buildd@palmer:/build/buildd/openldap-2.4.11/debian/build/servers/slapd main: TLS init def ctx failed: -207 slapd stopped. connections_destroy: nothing to destroy. ------------------------------------------------------------------------------------------------------------------------------------------------------

I search all my sunday long what could be this "main: TLS init def ctx failed: -207" but I was not able to find what causes it. In openssl file ssl.h, 207 code refers to the macro "#define SSL_F_SSL_VERIFY_CERT_CHAIN 207". It seems to mean that it (slapd or openssl ?) can't verify my certificate string, but I just verified before my certificate with the openssl command which told it is OK. I'm lost. Can you help me ?

Thanks in advance,
Regards,
Gilles

Follow-Ups:
- Re: OpenLDAP/TLS main: TLS init def ctx failed: -207
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: OpenLDAP/TLS main: TLS init def ctx failed: -207
  - From: Harry Jede <walk2sun@arcor.de>

Prev by Date: Re: [OPENLDAP] slapd password confusion
Next by Date: Re: OpenLDAP/TLS main: TLS init def ctx failed: -207
Index(es):
- Chronological
- Thread