> From: Quanah Gibson-Mount <[email protected]>
> To: Brian Empson <[email protected]>; [email protected]
>> I'm having an issue starting up slapd with TLS enabled. I tried to search
>> for the error code but I couldn't find any GnuTLS error codes that match.
>> Here are the log entries that appear:
>>
>> Sep 25 21:07:05 dir0 slapd[15018]: main: TLS init def ctx failed: -1
>
> 95% of the time, this means slapd can't access the files you have
> specified. This could be blocked by things like AppArmor in addition to
> file/directory permissions. At a guess, your permissions on
> /etc/openldap/ssl are wrong, as it is missing "x".
>
> I would suggest you try reading the various files "as" the _openldap
> user using sudo.

In your first mail I can see that you have

[09/25/12 9:16PM][root@dir0 /etc/openldap]# ls -lah ssl
total 12
drw------- 2 _openldap _openldap 512B Sep 25 19:59 .

I don't see the x permission; that could mean that the _openldap user cannot enter the directory. Moreover, the permissions for other files, rwxrwxrwx or rw-r--r--, could be improved.
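
The permission check discussed in this thread, as an added example that is not part of the original messages: a small POSIX shell audit that walks from a TLS file up to / and reports any directory the service user cannot search or any file it cannot read. The function names are hypothetical, and it looks only at classic mode bits from `ls -ld`, not ACLs or AppArmor.

```shell
#!/bin/sh
# Added example: classic mode bits only (no ACLs, no AppArmor/SELinux).

# perm_triplet MODE OWNER GROUP USER "USER_GROUPS"
# Prints the rwx triplet of an `ls -l` mode string that applies to USER.
perm_triplet() {
    mode=$1 owner=$2 group=$3 user=$4 groups=$5
    if [ "$user" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c2-4          # owner class
        return
    fi
    for g in $groups; do
        if [ "$g" = "$group" ]; then
            printf '%s\n' "$mode" | cut -c5-7      # group class
            return
        fi
    done
    printf '%s\n' "$mode" | cut -c8-10             # other class
}

# entry_ok MODE OWNER GROUP USER "USER_GROUPS"
# A directory needs x (search) to be entered; a file needs r to be read.
entry_ok() {
    bits=$(perm_triplet "$@")
    case $1 in
        d*) need='??[xst]' ;;
        *)  need='r??' ;;
    esac
    case $bits in
        $need) return 0 ;;
    esac
    return 1
}

# audit_path FILE USER: check FILE and every directory above it.
audit_path() {
    p=$1 user=$2 rc=0
    groups=$(id -Gn "$user") || return 2
    while :; do
        set -- $(ls -ld "$p" 2>/dev/null)
        if [ $# -lt 4 ]; then echo "UNREADABLE $p"; rc=1
        elif entry_ok "$1" "$3" "$4" "$user" "$groups"; then echo "ok     $1 $p"
        else echo "DENIED $1 $p"; rc=1
        fi
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return $rc
}

if [ $# -eq 2 ]; then audit_path "$1" "$2"; fi
```

Run it as root with the file path and the service user as arguments, so that `ls -ld` can still stat entries inside a directory the service user cannot enter.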
