
List:       openldap-technical
Subject:    Re: SSL certificate install
From:       Ulf Volmer <u.volmer () u-v ! de>
Date:       2023-12-14 17:23:38
Message-ID: a8ef16aa-2073-4095-9a3b-a20c35818f0a () u-v ! de

Am 14.12.23 um 18:00 schrieb Jean-Luc Chandezon:
> Thank you Stefan for the suggestion.
> Thank you Howard. It was exactly what I understood. When I start the daemon with
> command line:
> slapd -h 'ldap://127.0.0.1:389 ldaps://192.168.190.58:636' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d -1
> I can see:
> 657ad073.144a7a3e 0x7f71df270200 TLS: opening `/etc/ssl/private/annuaire.lexp.fr.key' failed: Permission denied
> 657ad073.144b02fb 0x7f71df270200 TLS: could not use private key file `/etc/ssl/private/annuaire.lexp.fr.key`.
> It is more detailed than rsyslog.
> As Quanah suggested, this is due to a permission issue.
>
> I can see these rights:
> -rw------- 1 openldap openldap 1704 Nov 29 17:37 /etc/ssl/private/annuaire.atol.fr.key


On Debian, /etc/ssl/private is only readable by root and members of 
ssl-cert.

You can either add your openldap user to this group or move your 
certificate to /etc/ldap.


Best regards

Ulf
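
The failure discussed in this thread, a key file with correct ownership sitting under a directory the service account cannot enter, can be located by checking each path component in turn. The script below is an added example, not part of the original message or of OpenLDAP; the function names are hypothetical and only classic mode bits are evaluated.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report the first path component
# whose mode bits stop a service account from reading a key file.
# Classic owner/group/other bits only; ACLs and AppArmor are not evaluated.
# Needs a stat that supports -c (GNU coreutils or busybox, as on Debian).

# mode_allows OWNER_UID OWNER_GID MODE UID "GID ..." NEED_BIT
mode_allows() {
    m=000$3; m=${m#"${m%???}"}            # keep the last three octal digits
    if [ "$4" -eq "$1" ]; then
        d=${m%??}                          # owner digit
    else
        d=${m#??}                          # "other" digit unless a group matches
        for g in $5; do
            if [ "$g" -eq "$2" ]; then t=${m#?}; d=${t%?}; break; fi
        done
    fi
    [ $(( d & $6 )) -ne 0 ]
}

# first_blocker PATH UID "GID ..."
# Prints the blocking component and returns 1; prints nothing and returns 0
# when every directory is searchable (x) and the file is readable (r).
# Relative paths are checked from the current directory downward.
first_blocker() {
    [ "$2" -eq 0 ] && return 0             # root is not limited by mode bits
    case $1 in /*) path=; rest=${1#/} ;; *) path=.; rest=$1 ;; esac
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/}; need=1 ;;   # directory: needs search (x)
            *)   rest=;           need=4 ;;   # final file: needs read (r)
        esac
        [ -n "$comp" ] || continue
        path=$path/$comp
        st=$(stat -c '%u %g %a' "$path") || { printf '%s\n' "$path"; return 2; }
        ou=${st%% *}; tmp=${st#* }; og=${tmp%% *}; om=${tmp#* }
        mode_allows "$ou" "$og" "$om" "$2" "$3" "$need" ||
            { printf '%s\n' "$path"; return 1; }
    done
    return 0
}

# On the host from this thread (run as root so every component can be stat'ed):
#   first_blocker /etc/ssl/private/annuaire.lexp.fr.key \
#       "$(id -u openldap)" "$(id -G openldap)"
```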

