Dave wrote:
> Hello,
>    I'm setting up a FreeBSD OpenLDAP server for authentication. When I
> added in the TLS parameters, the TLSCACertificateFile, TLSKeyFile, and
> TLSCertificateFile, now I am getting the error below. I've checked
> permissions on the keys and they are globally readable. Any suggestions?
> Thanks.
> Dave.
> Jan 26 21:48:38 ldap slapd[43560]: main: TLS init def ctx failed: -1

Setting up TLS with OpenLDAP is tricky.  Much trickier than it should
be IMHO.

Make sure the key file is *not* readable by other than the ldap process
and that it isn't in a world writable directory.

Use 'openssl s_client' to connect to the LDAPS port on your server and
produce better debugging hints.

Try asking on the [EMAIL PROTECTED] list for help: there are
a lot more people who understand OpenLDAP there than on this list.



PS. If you want to use OpenLDAP as both client and server over TLS
(e.g. you're using syncrepl between a number of cloned OpenLDAP instances)
then you really do need superior skills.  OpenLDAP only understands
one key+cert, so you have to fiddle with the 'Netscape Cert Type' field
to make a cert that is usable for both client and server.  Fun!


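A pre-flight script covering the points raised in the reply above: key-file permissions and directory, whether the three files slapd.conf names actually load and belong together, a cert carrying Netscape Cert Type (and Extended Key Usage) for both server and client use, and `openssl s_client` against the LDAPS port for live debugging. This is an added example, not code from the thread or from the OpenLDAP project. It relies on the `openssl` command-line tool; the file paths, host name and slapd service user are placeholders the caller supplies, not values taken from the posts.

```shell
#!/bin/sh
# Pre-flight checks for the three files slapd.conf points at
# (TLSCACertificateFile, TLSCertificateFile, TLSKeyFile), plus a helper
# that mints a cert usable on both the server and the client side of TLS.
# Added example, not from the thread: paths, host name and the service
# user passed in are placeholders chosen by the caller.

# Key hygiene: readable by its owner only, not in a world-writable
# directory and (if $2 is given) owned by the user slapd runs as.
# Parses `ls -ld` so it behaves the same on FreeBSD and Linux.
check_key_perms() {
    key=$1 owner=$2 rc=0
    [ -f "$key" ] || { echo "key $key: missing"; return 1; }
    mode=$(ls -ld "$key" | cut -c1-10)                   # e.g. -rw-------
    case $(printf '%s' "$mode" | cut -c5-7) in
        *r*|*w*) echo "key $key: group can read or write ($mode)"; rc=1 ;;
    esac
    case $(printf '%s' "$mode" | cut -c8-10) in
        *r*|*w*) echo "key $key: world can read or write ($mode)"; rc=1 ;;
    esac
    dir=$(dirname "$key")
    case $(ls -ld "$dir" | cut -c8-10) in
        *w*) echo "dir $dir: world-writable"; rc=1 ;;
    esac
    if [ -n "$owner" ]; then
        have=$(ls -ld "$key" | awk '{print $3}')
        [ "$have" = "$owner" ] || { echo "key $key: owned by $have, not $owner"; rc=1; }
    fi
    return $rc
}

# Files slapd must be able to load: both parse as PEM and the private
# key really belongs to the certificate (compare the derived public keys).
check_cert_matches_key() {
    cert=$1 key=$2
    cpub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null) ||
        { echo "cert $cert: not a readable PEM certificate"; return 1; }
    kpub=$(openssl pkey -pubout -in "$key" 2>/dev/null) ||
        { echo "key $key: not a readable PEM private key"; return 1; }
    [ "$cpub" = "$kpub" ] || { echo "$key does not belong to $cert"; return 1; }
    echo "$cert / $key: matching pair"
}

# The server cert must chain to the CA file slapd is configured with.
check_cert_chain() {
    ca=$1 cert=$2
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca"; return 1; }
    echo "$cert: verifies against $ca"
}

# The PS of the reply: one key+cert must serve slapd as TLS server (to
# LDAP clients) and as TLS client (to syncrepl peers). Mint a self-signed
# cert whose Netscape Cert Type and Extended Key Usage both allow server
# and client use. Self-signed is for illustration only; with a real CA the
# same [v3_ldap] extensions go into the CA's signing config.
make_dual_use_cert() {
    key=$1 cert=$2 cn=$3
    cfg=$(mktemp "${TMPDIR:-/tmp}/ldaptls.XXXXXX") || return 1
    cat >"$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_ldap
[v3_ldap]
basicConstraints   = CA:FALSE
keyUsage           = digitalSignature, keyEncipherment
nsCertType         = server, client
extendedKeyUsage   = serverAuth, clientAuth
subjectAltName     = DNS:$cn
[dn]
EOF
    if openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$cn" \
           -config "$cfg" -keyout "$key" -out "$cert" >/dev/null 2>&1; then
        rc=0; chmod 600 "$key"
    else
        rc=1; echo "openssl req failed for $cn"
    fi
    rm -f "$cfg"
    return $rc
}

# Live debugging as the reply suggests: speak TLS to the LDAPS port and
# read the handshake and verify result instead of slapd's bare "-1".
debug_ldaps() {
    host=$1 port=${2:-636} ca=$3
    openssl s_client -connect "$host:$port" ${ca:+-CAfile "$ca"} </dev/null
}

# Usage: sh slapd-tls-check.sh CAFILE CERTFILE KEYFILE [SLAPD-USER]
if [ $# -ge 3 ]; then
    check_key_perms "$3" "$4"
    check_cert_matches_key "$2" "$3"
    check_cert_chain "$1" "$2"
fi
```

Run it against the paths from slapd.conf before restarting slapd; anything it prints is a concrete reason for the context-init failure, whereas slapd itself only logs the `-1`. `debug_ldaps ldap.example.test 636 /path/to/ca.pem` (host and path are placeholders) needs the server up and reachable, so it is not exercised by the offline checks.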