I'm running a non-production 2.3.27 slapd server on my home network. I
had to transfer it to another machine so I copied the conf file &
database files to the new machine. Before starting the service I edited
the slapd.conf to comment out the TLS entries since I hadn't installed
openssl & the cert yet.
When I started slapd, it immediately stopped and I received the dreaded
"main: TLS init def ctx failed: -1". I remembered having this issue
when I was trying to get TLS running. So I ran strace (I'm running
Linux 2.6.x) and finally found this:

    open("/etc/ssl/myca/cacert.pem", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)

I was a bit confused and rechecked to make sure I had indeed commented
out all the lines and that slapd was referencing the correct conf file.
All was correct.
On a lark, I took a look at ldap.conf which I had copied from my old
server as well. It still had:

    TLS_CACERT /etc/ssl/myca/cacert.pem
    TLS_REQCERT allow

As soon as I commented out those lines, slapd started and stayed running.
Can someone help me understand the relationship between slapd and the
ldap.conf file? I thought that was the client conf file.
Thanks!
\\Greg
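
The check the post ended up doing by hand, as an added example that is not part of the original message: it scans both slapd.conf and ldap.conf for active TLS directives that name a file or directory and reports any target missing on the machine. The function names, the temporary directory and the sample file contents in demo() are constructed for illustration.

```python
import os
import tempfile

# Directives that name a file or directory on disk (matched case-insensitively).
PATH_DIRECTIVES = {
    # ldap.conf (libldap) options
    "tls_cacert", "tls_cacertdir", "tls_cert", "tls_key",
    # slapd.conf options
    "tlscacertificatefile", "tlscacertificatepath",
    "tlscertificatefile", "tlscertificatekeyfile",
}


def missing_tls_paths(conf_files):
    """Return (conf_file, line_no, directive, path) for every active TLS
    directive whose target does not exist on this machine."""
    findings = []
    for conf in conf_files:
        with open(conf, encoding="utf-8", errors="replace") as fh:
            for line_no, raw in enumerate(fh, 1):
                line = raw.strip()
                if not line or line.startswith("#"):
                    continue  # blank or commented out
                parts = line.split(None, 1)
                if len(parts) != 2 or parts[0].lower() not in PATH_DIRECTIVES:
                    continue
                path = parts[1].strip().strip('"')
                if not os.path.exists(path):
                    findings.append((conf, line_no, parts[0], path))
    return findings


def demo():
    """Constructed sample: TLS commented out in slapd.conf, still set in ldap.conf."""
    tmp = tempfile.mkdtemp()
    slapd_conf = os.path.join(tmp, "slapd.conf")
    ldap_conf = os.path.join(tmp, "ldap.conf")
    with open(slapd_conf, "w") as fh:
        fh.write("#TLSCACertificateFile /etc/ssl/myca/cacert.pem\n")
    with open(ldap_conf, "w") as fh:
        fh.write(f"TLS_CACERT {tmp}/myca/cacert.pem\nTLS_REQCERT allow\n")
    return missing_tls_paths([slapd_conf, ldap_conf])


if __name__ == "__main__":
    for conf, line_no, directive, path in demo():
        print(f"{conf}:{line_no}: {directive} -> {path} (missing)")
```

On a real host, pass the actual paths of both configuration files to missing_tls_paths() before starting the service.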