Ali Gholami wrote:
> Thanks Quanah, I could resolve the error but the error message was not
> helpful.
>
> I stopped the apparmor service and used strace to debug. I realized the
> server certificate path was not defined correctly to be loaded.
>
> I think "p11-kit: couldn't list directory: /etc/pkcs11/modules:
> Permission denied" is not really the correct error message. It should
> be something like "certificate not found" etc.

Send a bug report to Ubuntu then, this error message comes from their GnuTLS
library, not from OpenLDAP.

> Ali
>
> On 02/10/2014 10:09 PM, Quanah Gibson-Mount wrote:
>> --On Sunday, February 09, 2014 11:49 PM +0100 Ali Gholami
>> <ghol...@kth.se> wrote:
>>
>>> I used the debug mode:
>>> ---
>>> slapd -d 2
>>> 52f80527 @(#) $OpenLDAP: slapd (Sep 19 2013 22:39:38) $
>>> buildd@panlong:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
>>> p11-kit: couldn't list directory: /etc/pkcs11/modules: Permission denied
>>> 52f80527 main: TLS init def ctx failed: -1
>>> 52f80527 slapd stopped.
>>> 52f80527 connections_destroy: nothing to destroy.
>>> ---
>>> Does anyone know why TLS ctx fails to initialize?
>>
>> Because it gets permission denied when trying to access
>> /etc/pkcs11/modules, exactly as it states.
>>
>> --Quanah
>>
>> --
>> Quanah Gibson-Mount
>> Architect - Server
>> Zimbra, Inc.
>> --------------------
>> Zimbra :: the leader in open source messaging and collaboration
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/