Bug#381788: [Pkg-openldap-devel] Re: Bug#381788: slapd: TLS connections fail when running as non-root
Quanah Gibson-Mount
quanah at stanford.edu
Wed Aug 9 04:53:03 UTC 2006
--On Tuesday, August 08, 2006 10:28 PM -0600 "Berg, Michael"
<michaeljberg at gmail.com> wrote:
>> Does it work if you use "-h localhost" (similar to what you were doing
>> with the openssl command)?
>>
>> Generally, you must provide the fully qualified domain name to the "-h"
>> parameter for SSL/TLS to work.
>>
>> For example, "-h ldap" doesn't work for me, but "-h ldap.stanford.edu"
>> does.
>
> My FQDN is "server.misumasu.dyndns.org", which also has a CNAME of
> "ldap.misumasu.dyndns.org" (this CNAME is what the SSL cert is issued to).
Okay, hm. Can you try this, preferably with daemontools:
/usr/bin/setuidgid openldap /bin/cat </path/to/certs/certfiles>
for every cert you believe the server should be able to read. It really
seems like the "openldap" user/group doesn't have permission to something
that it should.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
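An added example, not part of this thread or of the OpenLDAP package: a Python script that emulates what the suggested "setuidgid openldap cat <cert>" test exercises, checking the read bit on each cert file and the search (x) bit on every directory above it, since a parent directory such as a root-only /etc/ssl/private is a frequent cause of exactly this failure. Only classic owner/group/other mode bits are modelled (no ACLs, capabilities or LSM policy), and the sample tree, uid 105 and gid 200 are constructed values, so a "denied" result is a pointer to confirm with the real setuidgid test.

```python
import os, pwd, grp
from collections import namedtuple

# Same field names as os.stat_result, so a real os.stat works as statfn too.
Inode = namedtuple("Inode", "st_mode st_uid st_gid")
R_BIT, X_BIT = 4, 1

def bits_for(ino, uid, gids):
    """rwx triple (0-7) that applies to uid on this inode: owner, group or other."""
    if uid == ino.st_uid:
        return (ino.st_mode >> 6) & 7
    if ino.st_gid in gids:
        return (ino.st_mode >> 3) & 7
    return ino.st_mode & 7

def can_read_path(path, uid, gids, statfn=os.stat):
    """(ok, reason): could uid open `path` for reading? Every ancestor
    directory needs the search (x) bit and the file itself the r bit."""
    if uid == 0:
        return True, "uid 0 bypasses mode bits"
    path = os.path.abspath(path)
    ancestors, d = [], os.path.dirname(path)
    while True:                      # collect /, /etc, /etc/ssl, ... in order
        ancestors.append(d)
        if os.path.dirname(d) == d:
            break
        d = os.path.dirname(d)
    for d in reversed(ancestors):
        if not bits_for(statfn(d), uid, gids) & X_BIT:
            return False, "no search (x) permission on directory " + d
    if not bits_for(statfn(path), uid, gids) & R_BIT:
        return False, "no read (r) permission on " + path
    return True, "readable"

def check_for_user(username, paths):
    """Run the check against the live filesystem for a named account (e.g. 'openldap')."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return [(p,) + can_read_path(p, pw.pw_uid, gids) for p in paths]

# Constructed example tree (mode, uid, gid); not taken from any real host.
SAMPLE_TREE = {
    "/": Inode(0o40755, 0, 0), "/etc": Inode(0o40755, 0, 0),
    "/etc/ssl": Inode(0o40755, 0, 0),
    "/etc/ssl/certs": Inode(0o40755, 0, 0),
    "/etc/ssl/certs/ldap.pem": Inode(0o100644, 0, 0),
    "/etc/ssl/private": Inode(0o40710, 0, 200),        # root:ssl-cert, group gets x
    "/etc/ssl/private/ldap.key": Inode(0o100640, 0, 200),
}
sample_stat = SAMPLE_TREE.__getitem__
```

On a real host, `check_for_user("openldap", [...paths from slapd.conf...])` returns one (path, ok, reason) tuple per file; a user lacking membership in the cert directory's group fails on the directory, not the file.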