
Re: TLS issue



On 04/08/11 19:53 +0530, Naga Chaitanya Palle wrote:
> I am trying to configure tls for my ldap server.
> After successfully creating the below files, I try to start the ldap server and it fails.
>
> /etc/openldap/cacerts/cacert.pem
> /etc/openldap/cacerts/slapd-cert.pem
> /etc/openldap/cacerts/slapd-key.pem
>
> The log shows the below messages
>
> main: TLS init def ctx failed: -1
> slapd stopped.
> connections_destroy: nothing to destry.

What command line options are you passing to slapd? What version? What ssl
library is your slapd linked against?

Do you get any helping information while starting slapd in debug mode '-d
-1'?

> Slapd.conf
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/cacerts/slapd-cert.pem
> TLSCertificateKeyFile /etc/openldap/cacerts/slapd-key.pem

Does your openldap user/group have read access to all three files?
Does commenting out your 'TLSCipherSuite' option make any difference?

> database         bdb
> suffix   "dc=comverse-in,dc=com"
> rootdn   "cn=Manager,dc=comverse-in,dc=com"
> rootpw   {SSHA}hBlwVEbzHMzm1Wof9Lb1dA/fcuJDt6pr
>
> /etc/openldap/ldap.conf
> BASE     dc=comverse-in,dc=com
> URI ldaps://devonly144.comverse-in.com
>
> TLS_CACERT    /etc/openldap/cacerts/cacert.pem
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_REQCERT     allow
>
> /etc/ldap.conf
> base     dc=comverse-in,dc=com
> uri ldaps://devonly144.comverse-in.com
> ssl on

--
Dan White
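The two questions raised in the reply (can the account slapd runs as read the three TLS files, and do the files themselves fit together) can be checked before starting slapd at all. The script below is an added example, not something posted in this thread or shipped with OpenLDAP. It assumes the slapd service account is named `ldap` (RHEL/CentOS; Debian uses `openldap`; override with `SLAPD_USER=...`), that `stat` is GNU or BSD flavoured, and that `openssl` is installed for the key/certificate/CA consistency check. The three paths are the ones from the original message.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): verify that slapd's TLS files are
# readable by the slapd user and that key, certificate and CA agree.

# Assumption: the slapd service account; "ldap" on RHEL/CentOS, "openldap" on Debian.
SLAPD_USER="${SLAPD_USER:-ldap}"

# readable_by USER FILE
# Returns 0 if USER can read FILE under its owner/group/other bits, 1 otherwise.
# Only the bit class that applies to USER is consulted (owner bits for the
# owner, group bits for a group member, other bits for everyone else), which
# is how the kernel evaluates DAC; root bypasses these bits entirely.
readable_by() {
    user="$1"; file="$2"
    [ -f "$file" ] || { echo "$file: missing" >&2; return 1; }
    [ "$user" = "root" ] && return 0
    # GNU stat first, BSD/macOS stat as fallback
    set -- $(stat -c '%a %U %G' "$file" 2>/dev/null || stat -f '%Lp %Su %Sg' "$file")
    mode="$1"; owner="$2"; group="$3"
    mode=$(printf '%s' "$mode" | tail -c 3)       # drop setuid/setgid/sticky digit
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${rest#?}
    if [ "$user" = "$owner" ]; then
        [ $((u & 4)) -ne 0 ] && return 0
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        [ $((g & 4)) -ne 0 ] && return 0
    else
        [ $((o & 4)) -ne 0 ] && return 0
    fi
    echo "$file: mode $mode owner $owner:$group is not readable by $user" >&2
    return 1
}

# tls_files_consistent CA CERT KEY
# Returns 0 if KEY's public key matches CERT and CA verifies CERT's chain,
# 1 on a mismatch, 2 if openssl is unavailable.
tls_files_consistent() {
    ca="$1"; cert="$2"; key="$3"
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found; skipping consistency check" >&2; return 2; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || { echo "$cert: not a readable PEM certificate" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { echo "$key: not a readable PEM private key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo "$key does not match $cert" >&2; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || { echo "$cert is not signed by $ca" >&2; return 1; }
    return 0
}

# Check the three files from the original message.
main() {
    ca=/etc/openldap/cacerts/cacert.pem
    cert=/etc/openldap/cacerts/slapd-cert.pem
    key=/etc/openldap/cacerts/slapd-key.pem
    rc=0
    for f in "$ca" "$cert" "$key"; do
        readable_by "$SLAPD_USER" "$f" || rc=1
    done
    tls_files_consistent "$ca" "$cert" "$key" || rc=1
    [ "$rc" -eq 0 ] && echo "TLS files are readable by $SLAPD_USER and consistent"
    return "$rc"
}

# Run the checks only when invoked as:  sh check_slapd_tls.sh check
if [ "${1:-}" = "check" ]; then main; fi
```

Run it as root (so it can read the key for the openssl comparison) with `sh check_slapd_tls.sh check`; a failing `readable_by` on `slapd-key.pem` is the usual explanation for `TLS init def ctx failed` when the key is mode 600 and owned by root while slapd drops to its own user. If everything passes, the remaining suspects are the ones the reply already names: the `TLSCipherSuite` string and whatever `slapd -d -1` reports during TLS setup.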