I was using the how-to referenced by the OP. I was also using this one on certificates.
https://help.ubuntu.com/9.04/serverguide/C/certificates-and-security.html

What got me messed up was a small but important point that got lost between the two how-tos. The LDAP how-to takes advantage of the group ssl-cert, which has read privileges on /etc/ssl/private. They had the nifty idea of putting the openldap account into the ssl-cert group. The certificate how-to says to put the key into /etc/ssl/private. This is fine, but while the /etc/ssl/private folder was readable by openldap, the newly copied keyfile was not. Unfortunately for me (and probably others), the only error I got was the one the OP was also getting.

A trick I discovered can help:

become root: sudo -i
become openldap: su openldap
check privileges: cat /etc/ssl/private/nameofmyserver.key

It helped me track down the answer.

--
ldap tls refusing to initialize
https://bugs.launchpad.net/bugs/420277
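
The situation described in the message above, modelled as an added example (not part of the original message or of either how-to): it walks each path component and reports the first one that blocks a given account, which is what the cat test reveals by hand. The uid/gid numbers, the modes and the SAMPLE_FS table are constructed assumptions, and the check covers classic permission bits only (no ACLs or AppArmor).

```python
import stat
from pathlib import PurePosixPath

# Constructed sample: path -> (mode, owner uid, owner gid). All ids are made up.
ROOT, SSL_CERT_GID, OPENLDAP_UID = 0, 112, 111
KEY = "/etc/ssl/private/nameofmyserver.key"
SAMPLE_FS = {
    "/": (stat.S_IFDIR | 0o755, ROOT, ROOT),
    "/etc": (stat.S_IFDIR | 0o755, ROOT, ROOT),
    "/etc/ssl": (stat.S_IFDIR | 0o755, ROOT, ROOT),
    # Directory is reachable by members of ssl-cert (assumed mode).
    "/etc/ssl/private": (stat.S_IFDIR | 0o710, ROOT, SSL_CERT_GID),
    # Key copied in by root: the file itself grants nothing to the group.
    KEY: (stat.S_IFREG | 0o600, ROOT, ROOT),
}

READ, SEARCH = 4, 1  # permission bits within one rwx triplet


def permits(entry, uid, gids, want):
    """Owner/group/other check; exactly one triplet applies to a caller."""
    mode, owner, group = entry
    if uid == 0:
        return True  # root is not limited by these bits
    if uid == owner:
        return bool((mode >> 6) & want)
    if group in gids:
        return bool((mode >> 3) & want)
    return bool(mode & want)


def first_denied(path, uid, gids, fs=SAMPLE_FS):
    """Return the first component that blocks reading `path`, or None."""
    parents = list(PurePosixPath(path).parents)[::-1]  # "/", "/etc", ...
    for parent in parents:
        # Every directory on the way needs search (x) permission.
        if not permits(fs[str(parent)], uid, gids, SEARCH):
            return str(parent)
    # The directories passed; the file itself still needs read (r).
    return None if permits(fs[path], uid, gids, READ) else path


if __name__ == "__main__":
    blocker = first_denied(KEY, OPENLDAP_UID, {SSL_CERT_GID})
    print("openldap blocked at:", blocker)
```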