[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    RE: SSL certificate install
From:       Jean-Luc Chandezon <jlch () lan-explore ! fr>
Date:       2023-12-14 17:00:48
Message-ID: PA4PR05MB78084FBF7AEAF093CAF881E2FA8CA () PA4PR05MB7808 ! eurprd05 ! prod ! outlook ! com
[Download RAW message or body]

Thank you Stefan for suggestion
Thank you Howard. It was exactly what I understood. When I start the daemon with \
command line:

slapd -h 'ldap://127.0.0.1:389 ldaps://192.168.190.58:636' -g openldap -u openldap -F \
/etc/ldap/slapd.d/ -d -1

I can see:
657ad073.144a7a3e 0x7f71df270200 TLS: opening `/etc/ssl/private/annuaire.lexp.fr.key' \
failed: Permission denied 657ad073.144b02fb 0x7f71df270200 TLS: could not use private \
key file `/etc/ssl/private/annuaire.lexp.fr.key`.

It is more detailed than rsyslog.
As Quanah suggest, this is due to permission issue.

I can see these rights:
-rw------- 1 openldap openldap 1704 Nov 29 17:37 \
/etc/ssl/private/annuaire.atol.fr.key

I'm trying to check access...

Jean-Luc


> -----Message d'origine-----
> De : Howard Chu <hyc@symas.com>
> Envoyé : jeudi 14 décembre 2023 10:46
> À : Stefan Kania <stefan@kania-online.de>; openldap-
> technical@openldap.org
> Objet : Re: SSL certificate install
> 
> Stefan Kania wrote:
> > Syntax error? Open your file with vi and do a "set: list" and you will see
> additional blanks and tabstops.
> 
> As always - set a higher debug level and examine the debug output. Not the
> syslog output. syslog is for recording routine operation, not for isolating
> problems. Use the debug output for troubleshooting.
> 
> --
> -- Howard Chu
> CTO, Symas Corp.           http://www.symas.com
> Director, Highland Sun     http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP  http://www.openldap.org/project/


[prev in list] [next in list] [prev in thread] [next in thread]