
Re: TLS authentication broken in Ubuntu 12.04



Ali Gholami wrote:
> Thanks Quanah, I could resolve the error but the error message was not
> helpful.
>
> I stopped the apparmor service and used strace to debug. I realized the
> server certificate path was not defined correctly to be loaded.
>
> I think "p11-kit: couldn't list directory: /etc/pkcs11/modules:
> Permission denied " is not really the correct error message. It should
> be something like "certificate not found" etc.

Send a bug report to Ubuntu then, this error message comes from their GnuTLS library, not from OpenLDAP.

> Ali
>
> On 02/10/2014 10:09 PM, Quanah Gibson-Mount wrote:
>> --On Sunday, February 09, 2014 11:49 PM +0100 Ali Gholami
>> <gholami@kth.se> wrote:
>>
>>> I used the debug mode:
>>> ---
>>> slapd -d 2
>>> 52f80527 @(#) $OpenLDAP: slapd  (Sep 19 2013 22:39:38) $
>>> buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
>>> p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied
>>> 52f80527 main: TLS init def ctx failed: -1
>>> 52f80527 slapd stopped.
>>> 52f80527 connections_destroy: nothing to destroy.
>>> ---
>>>
>>> Does anyone know why TLS ctx fails to initialize?
>>
>> Because it gets permission denied when trying to access
>> /etc/pkcs11/modules, exactly as it states.
>>
>> --Quanah
>>
>> --
>> Quanah Gibson-Mount
>> Architect - Server
>> Zimbra, Inc.
>> --------------------
>> Zimbra ::  the leader in open source messaging and collaboration


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
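
The cause reported in the thread was a server certificate path that slapd could not load, hidden behind an unrelated p11-kit message. As an added example (not code from the thread or from OpenLDAP), this shell function reports whether the TLS file paths named in a slapd configuration exist and are readable; the function names, the constructed sample config and the no-whitespace-in-paths restriction are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the thread: report whether the TLS files named in a
# slapd configuration exist and are readable by the user running the script.
# Assumptions: slapd.conf or cn=config LDIF syntax; no whitespace in paths.

# Prints "<STATUS> <directive> <path>" for each TLS file directive.
# Returns 0 if every file is readable, 1 if any is missing or unreadable,
# 2 if the configuration names no TLS files at all.
check_slapd_tls_paths() {
    awk '
        {
            key = tolower($1)
            sub(/:$/, "", key)    # LDIF form "olcTLSCertificateFile: /path"
            sub(/^olc/, "", key)  # cn=config attribute prefix
        }
        key == "tlscacertificatefile" ||
        key == "tlscertificatefile" ||
        key == "tlscertificatekeyfile" { print key, $2 }
    ' "$1" | (
        status=2
        while read -r key path; do
            [ "$status" -eq 2 ] && status=0
            if [ ! -e "$path" ]; then
                echo "MISSING $key $path"; status=1
            elif [ ! -r "$path" ]; then
                echo "UNREADABLE $key $path"; status=1
            else
                echo "OK $key $path"
            fi
        done
        exit "$status"
    )
}

# Constructed sample: the certificate exists, the key path is mistyped.
demo() {
    d=$(mktemp -d)
    : > "$d/server.crt"
    printf '%s\n' "TLSCertificateFile $d/server.crt" \
        "TLSCertificateKeyFile $d/private/server.key" > "$d/slapd.conf"
    rc=0
    check_slapd_tls_paths "$d/slapd.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With an argument, check that file; with none, run the constructed sample.
if [ "$#" -gt 0 ]; then check_slapd_tls_paths "$1"; else demo || :; fi
```

Run it as the account slapd runs as, since readability depends on the caller. It checks file-system permissions only; an AppArmor profile confining slapd can still deny a path this script can read.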