On Wed, 5 Jan 2011 13:07:48 +0000, rui <[email protected]> wrote:
> Hi,
>
> The "is not readable by "ldap"" error happens when I start ldap using
> /etc/rc.d/init.d/ldap restart
> These three lines are the source of the problem, if I remove them
> then no warning message on restart.
>
> TLSCACertificateFile server.pem
> TLSCertificateFile server.pem
> TLSCertificateKeyFile server.pem
>
> I have moved this file to /etc/openldap/cacerts and changed the above
> three paths accordingly.
> I have also modified ldap.conf to have TLS_CACERT which allows me to
> do ldapsearch (before it was giving ssl verify problem) now with
> ldaps://localhost on the same system.
>
>
> I still get this when I restart the ldap server using
> /etc/rc.d/init.d/ldap restart, notice the er.pem after ldap - is it
> not picking up the path correctly or it's a harmless warning now that
> ldaps is working I think it is harmless.

It seems to be a typo, and check permissions of the certificates.

> is not readable by "ldap"er.pem [WARNING]
> is not readable by "ldap"er.pem [WARNING]
> is not readable by "ldap"er.pem [WARNING]
> Checking configuration files for slapd: [ OK ]
> Starting slapd: [ OK ]
[...]

In order to check TLS connectivity run

    openssl s_client -connect host:636 -CAfile /path/to/ca \
        -showcerts

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
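
Following the advice above to look for a typo and check the certificate permissions, this added example (not part of the thread) lists the TLS file directives in a slapd.conf and reports whether each named file is readable by the user running it, so it should be run as the slapd account. The function name, the status labels and the carriage-return check are assumptions of this example; a trailing carriage return is one kind of typo that makes a terminal print the message over the start of the path.

```shell
#!/bin/sh
# Added example, not from the thread. Run as the slapd account (here "ldap")
# and call: check_tls_files /etc/openldap/slapd.conf

# Print "STATUS directive path" for every TLS file directive in the config.
check_tls_files() {
    cr=$(printf '\r')
    grep -E '^[[:space:]]*TLS(CACertificate|Certificate|CertificateKey)File[[:space:]]' "$1" |
    while read -r directive path; do
        case $path in
            *"$cr")
                # Assumed typo class: DOS line ending. The CR becomes part of
                # the file name, so the file is looked up under the wrong name.
                printf 'CRLF %s %s\n' "$directive" "${path%?}"
                continue ;;
        esac
        case $path in
            /*) ;;
            *)  # A relative path depends on the working directory of the process.
                printf 'RELATIVE %s %s\n' "$directive" "$path"
                continue ;;
        esac
        if [ ! -e "$path" ]; then
            printf 'MISSING %s %s\n' "$directive" "$path"
        elif [ ! -r "$path" ]; then
            printf 'UNREADABLE %s %s\n' "$directive" "$path"
        else
            printf 'OK %s %s\n' "$directive" "$path"
        fi
    done
}

# Constructed sample config so the example runs offline.
demo_dir=$(mktemp -d)
touch "$demo_dir/server.pem"
printf 'TLSCACertificateFile %s/server.pem\n' "$demo_dir"   > "$demo_dir/slapd.conf"
printf 'TLSCertificateFile %s/server.pem\r\n' "$demo_dir"  >> "$demo_dir/slapd.conf"
printf 'TLSCertificateKeyFile server.pem\n'                >> "$demo_dir/slapd.conf"
check_tls_files "$demo_dir/slapd.conf"
rm -rf "$demo_dir"
```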
