Public bug reported:
While following the instructions on how to set up TLS for OpenLDAP
described on
https://help.ubuntu.com/12.10/serverguide/openldap-server.html#openldap-tls,
I found that slapd would not start due to lack of permissions for the
user openldap to read the private cert on
/etc/ssl/private/ldap01_slapd_key.pem.
Restarting slapd failed with the following error on /var/log/syslog:
Mar 31 02:39:06 ldap01 slapd[10197]: main: TLS init def ctx failed: -1
Mar 31 02:39:06 ldap01 slapd[10197]: slapd stopped.
Mar 31 02:39:06 ldap01 slapd[10197]: connections_destroy: nothing to destroy.
I could fix that by adding openldap to the ssl-cert group and allowing the
group to read the /etc/ssl/private directory.
# -a appends ssl-cert; without it, -G replaces openldap's other supplementary groups
sudo usermod -a -G ssl-cert openldap
sudo chmod g+r /etc/ssl/private
Cheers,
Bruno
** Affects: ubuntu-docs (Ubuntu)
Importance: Undecided
Status: New
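
The permission conditions behind this report, as an added check that is not part of the original bug report or of the Ubuntu guide: it verifies that the service group can search the key's directory (opening a file needs x on its directory; r only lists names) and read the key, and that the key is not exposed to other users. It assumes GNU stat and plain mode bits without ACLs; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. Assumes GNU stat and plain
# owner/group/other mode bits (no ACLs); run it as root on the LDAP server.

# has_bit MODE MASK: true when octal MODE has any bit of octal MASK set.
has_bit() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# in_group USER GROUP: true when USER is a member of GROUP.
in_group() { id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"; }

# check_key_perms GROUP KEYFILE: print findings; return 0 when GROUP can
# read KEYFILE and the key is not exposed to other users, 2 on stat errors.
check_key_perms() {
    grp=$1 key=$2 rc=0
    dir=$(dirname -- "$key")
    dmode=$(stat -c %a -- "$dir") && dgrp=$(stat -c %G -- "$dir") &&
    kmode=$(stat -c %a -- "$key") && kgrp=$(stat -c %G -- "$key") ||
        { echo "cannot stat $key or its directory"; return 2; }

    # Opening a file needs search (x) on its directory; r only lists names.
    if ! { [ "$dgrp" = "$grp" ] && has_bit "$dmode" 010; } &&
       ! has_bit "$dmode" 001; then
        echo "$dir ($dmode $dgrp): group $grp cannot search it"; rc=1
    fi
    if ! { [ "$kgrp" = "$grp" ] && has_bit "$kmode" 040; }; then
        echo "$key ($kmode $kgrp): not readable via group $grp"; rc=1
    fi
    if has_bit "$kmode" 007; then
        echo "$key ($kmode): private key is accessible to all users"; rc=1
    fi
    return $rc
}

# User, group and key path taken from the report above.
if [ "${1:-}" = "--run" ]; then
    in_group openldap ssl-cert || echo "openldap is not in ssl-cert"
    check_key_perms ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
fi
```

Run with `--run` before restarting slapd; no output and exit status 0 mean the group-based access path to the key is in place.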
--
https://bugs.launchpad.net/bugs/1162403
Title:
OpenLDAP TLS wrong access permissions