The missing bit is that after you create the SSL certificates for LDAP, the owner:group is now root:root for /etc/openldap/ssl/ldap.pem, and that ensures that slapd cannot start. Since the default chmod is 640, this file must be readable by ldap.

Reproducible: Always

Steps to Reproduce:
1. create SSL Certificates as root
2. add OPT=-d 255 to /etc/conf.d/slapd
3. /etc/init.d/slapd start

Actual Results: Fails to start slapd with message cannot use /etc/openldap/ssl/ldap.pem

Expected Results: Started.

Modify the documentation en/ldap-howto.xml like this:

--- en/ldap-howto.xml 2005-06-11 03:14:13.000000000 +0800 +++ en/ldap-howto-bguillot.xml 2005-09-11 23:10:50.000000000 +0800 @@ -215,6 +215,8 @@ the server. This is usually the full dom # <i>cd /etc/ssl</i> # <i>openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes -out \ ldap.pem -keyout /etc/openldap/ssl/ldap.pem -days 999999</i> + +chown ldap:ldap /etc/openldap/ssl/ldap.pem </pre> <p>
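Review bot: the added line `+chown ldap:ldap /etc/openldap/ssl/ldap.pem` drops the `# <i>...</i>` prompt markup that the two preceding commands in the same `<pre>` block use, so it will render as bare text rather than as a command; write it as `# <i>chown ldap:ldap /etc/openldap/ssl/ldap.pem</i>`. Since this file holds the private key (it is the `-keyout` target) and the fix relies on the default mode of 640 to keep it readable only by the ldap user and group, it would also be worth adding an explicit `# <i>chmod 640 /etc/openldap/ssl/ldap.pem</i>` so the documented steps do not depend on the umask in effect when openssl was run.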
Created attachment 70025 [details, diff] ldap-howto.xml.patch This has the suggested fix for the document as in the above comment, but in a palatable .patch form. :)
Thanks a lot ! :)