[Bug 420277] Re: ldap tls refusing to initialize
Dave Vree
david.h.vree at gmail.com
Wed Sep 23 01:34:43 BST 2009
I was using the how-to referenced by the OP. I was also using this one
on certificates.
https://help.ubuntu.com/9.04/serverguide/C/certificates-and-security.html
What got me messed up was a small, but important point that got lost
between the two how-tos. The LDAP how-to takes advantage of the group
ssl-cert which has read privileges on /etc/ssl/private. They had the
nifty idea of putting the openldap account into the ssl-cert group.
The certificate how-to says to put the key into the /etc/ssl/private.
This is fine, but while the /etc/ssl/private folder was readable by
openldap, the new copied keyfile was not. Unfortunately for me (and
probably others) the only error I got was the one the OP was also
getting.
A trick I discovered can help:
become root: sudo -i
become openldap: su openldap
check privileges: cat /etc/ssl/private/nameofmyserver.key
It helped me track down the answer.
--
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
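The situation described in the message above (a directory the service account can enter, holding a key file it cannot read) can also be checked from a root shell without switching users. This is an added example, not part of the original message: `perm_bits` and `can_read_as` are hypothetical helper names, GNU `stat` is assumed, and ACLs and any group membership other than the one passed in are ignored.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.
# Usage, with the names from the message:
#   can_read_as openldap ssl-cert /etc/ssl/private/nameofmyserver.key

# perm_bits USER GROUP PATH: print the rwx digit (0-7) that applies to USER,
# a member of GROUP, choosing the owner, then group, then other class.
perm_bits() {
    mode=$((0$(stat -L -c '%a' "$3")))      # octal mode, e.g. 0640
    if [ "$(stat -L -c '%U' "$3")" = "$1" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$(stat -L -c '%G' "$3")" = "$2" ]; then echo $(( (mode >> 3) & 7 ))
    else echo $(( mode & 7 )); fi
}

# can_read_as USER GROUP FILE: status 0 if every directory on the way is
# searchable (x) and FILE is readable (r); otherwise name the first blocker.
# The body runs in a subshell, so IFS, set -f and exit stay local to it.
# The root directory "/" itself is assumed to be searchable.
can_read_as() (
    set -f; IFS=/
    path=
    for part in $3; do
        [ -n "$part" ] || continue
        path="$path/$part"
        [ -e "$path" ] || { echo "missing: $path"; exit 2; }
        if [ -d "$path" ]; then need=1 what=search; else need=4 what=read; fi
        bits=$(perm_bits "$1" "$2" "$path")
        if [ $(( bits & need )) -eq 0 ]; then
            echo "blocked: $1 cannot $what $path ($(stat -L -c '%A %U:%G' "$path"))"
            exit 1
        fi
    done
    echo "ok: $1 can read $3"
)
```

Run it as root so every path component can be inspected; the "blocked" line shows the mode and owner:group of the component that needs fixing.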