problem error
system: Ubuntu 14.04
version: OpenLDAP 2.4.42
tool: slapd ldap-utils openssl libssl-dev
creates the certificate through openssl and adds it to the cn=config database. Restart the service failed. Syslog error
“main: TLS init def CTX failed: -1”
I created cert file by openssl in ubuntu 14.04. So I installed openssl/libssl-cert before, the error shown in this environment. When started the service, it failed with “main: TLS init def CTX failed: -1 “in syslog.
solution
It works after following steps:
- check your certfile path whether it is correct. Check whether the certificate file path in the cn=config configuration exists and is correct
- check your file permission. Inspection certificate file permissions
chown openldap. Openldap/etc/SSL/certs/ldapcert pem
chown openldap. Openldap/etc/SSL/private/ldapkey pem
chmod -r 0400/etc/SSL/certs/ldapcert. Pem
chmod -r 0400 The/etc/SSL/private/ldapkey. Pem
Example Example:
– rw – r – r – 1 root root 1383 Dec 1 09:47/etc/SSL/certs/cacert pem
– r – 1 the openldap openldap 3808 Dec 1 09:48/etc/SSL/certs/ldapcert pem
– r – 1 the openldap openldap 09:47 891 Dec 1 /etc/ssl/private/ldapkey.pem - Whether install libssl-dev/ssl-cert, especially ssl-cert. Whether libssl-dev/ssl-cert
- Whether add user openldap to group ssl-cert. Adduser openldap ssl-cert adduser openldap ssl-cert
- Whether certfile is correct. Verification certificate is correct
openssl verify - CAfile/etc/SSL/certs/cacert pem/etc/SSL/certs/ldapcert pem- Check apparmor. With the 1 st step, if your cert file is not under the path/etc/SSL /... Your should add your cert file path to/etc/apparmor. D/usr. Sbin. Slapd, then reload the apparmor service like this:
/etc/init. D/apparmor reload
check apparmor, cooperate with the first, if not in the/etc/SSL /.. Need to configure the/etc/apparmor. D/usr. Sbin. Slapd, and restart the apparmor service
If you have any other question, do feel free to concat to me 32634366 @qq.comps:
I have stuck with this for a long time, it done work after installed ssl-cert and added user openldap to group ssl-cert.ref:
http://readthefuckingmanual.net/error/1257/
- Check apparmor. With the 1 st step, if your cert file is not under the path/etc/SSL /... Your should add your cert file path to/etc/apparmor. D/usr. Sbin. Slapd, then reload the apparmor service like this:
Read More:
- gnutls_handshake() failed: A TLS fatal alert has been received
- git clone https:// gnutls_handshake() failed: The TLS connection was non-properly terminated.
- Package pdftex.def Error
- LaTeX Error: File `.def’ not found. [\usepackage]
- error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was
- insmod: init_module ‘hello.ko’ failed (Exec format error)
- Vs error unresolved external symbol_ Main, the symbol in the function “int”__ cdecl invoke_ main
- RT-thread assertion failed at function:rt_application_init
- Failed to talk to init day
- An error is reported for the new Android project. Rejecting re init on previously failed
- Solve win10 docker:error during connect: Get https://192.168.99.100 : 2376 and error checking TLS connection
- Package pdftex.def Error: PDF mode expected, but DVI mode detected!_ mdpi_ Templatex compilation error in winedt
- TLS error: error: RPC error: code = unavailable desc = transport is closing
- When jar file is running: Failed to load Main-Class manifest attribute from ……Solution
- Failed to load Main-Class manifest attribute from when the jar file is running
- ImportError: dlopen: cannot load any more object with static TLS
- Failed to talk to init daemon appears during reboot
- Condahttperror:HTTP000 Connection Failed for URL https://repo.anaconda.com/pkgs/main/win-6
- Modify the tomcat configuration in docker, causing javaagent to report agent library failed to init instrument
- XR: OpenVR Error! OpenVR failed initialization with error code VRInitError_Init_PathRegistryNotFound