Jason Joines wrote:
I'm trying to get OpenLDAP/TLS working on SuSE 9.1. First I got OpenLDAP without TLS working running as user and group ldap. Then I added the necessary lines to slapd.conf for TLS. The user ldap owns all my certificates and the owning group for them is also ldap. If I run slapd as root, OpenLDAP/TLS works fine. If I run it as ldap, I get the following errors,
Client: ldap_start_tls: Connect error (-11) additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Server: TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:887
If I remove the TLS stuff from slapd.conf and run slapd as user ldap, it again works fine. Any ideas?
Jason Joines =================================
Appears to me more interesting still. I just noticed that if I run slapd from /etc/init.d/ldap, TLS fails whether I specify user and group of root or user and group of ldap in /etc/sysconfig/ldap. If I run slapd from the command line as root, TLS works fine. If I run slapd from the command line as ldap by providing -u ldap -g ldap to slapd, TLS fails. If I run slapd from the command line as root and also specify -u root -g root, TLS fails. Seems TLS is failing if -u and -g are used at all regardless of what user and group is specified.
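When TLS works with slapd running as root but fails as soon as it runs under -u/-g, the first thing a practitioner wants to rule out is whether the unprivileged identity can actually open every file named by the TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile directives, including search permission on each directory leading to them (root skips those checks entirely, which is why the root case never reveals the problem). The script below is an added example, not code from this thread or from the OpenLDAP project: it parses the TLS file directives out of slapd.conf text and evaluates readability for a given uid/gid set from the mode bits alone, without switching users. The slapd.conf snippet, file paths and the stand-in uid 65534 used in place of the ldap user are constructed for the demo; the tool reports readability only and does not diagnose the cause of the poster's handshake failure.

```python
import os
import shutil
import stat
import tempfile

# slapd.conf directives that name files slapd must be able to read for TLS.
TLS_DIRECTIVES = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")


def tls_files_from_conf(conf_text):
    """Return {directive: path} for the TLS file directives found in slapd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in TLS_DIRECTIVES:
            found[parts[0]] = parts[1].strip()
    return found


def _has_bit(st, uid, gids, bit):
    """Classic POSIX class selection: owner if uid matches, else group if gid matches, else other.
    `bit` is 4 for read or 1 for execute/search, shifted into the selected class."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool(st.st_mode & (bit << shift))


def readable_as(path, uid, gids):
    """Return (ok, reason): could a process with this uid and these gids open `path` for reading?
    Every ancestor directory needs the search (x) bit, the file itself needs the read bit.
    uid 0 bypasses mode bits, matching how the kernel treats root."""
    if uid == 0:
        return True, "root bypasses mode bits"
    path = os.path.abspath(path)
    current = os.sep
    for comp in path.split(os.sep)[1:-1]:
        current = os.path.join(current, comp)
        try:
            st = os.stat(current)
        except OSError as e:
            return False, "%s: %s" % (current, e.strerror)
        if not _has_bit(st, uid, gids, 1):
            return False, "%s: no search (x) permission for uid %d" % (current, uid)
    try:
        st = os.stat(path)
    except OSError as e:
        return False, "%s: %s" % (path, e.strerror)
    if not _has_bit(st, uid, gids, 4):
        return False, "%s: not readable by uid %d (mode %s, owner %d:%d)" % (
            path, uid, stat.filemode(st.st_mode), st.st_uid, st.st_gid)
    return True, "ok"


def check_slapd_tls_files(conf_text, uid, gids):
    """Return {directive: (path, ok, reason)} for each TLS file directive in the config."""
    return {d: (p,) + readable_as(p, uid, gids) for d, p in tls_files_from_conf(conf_text).items()}


def demo():
    """Constructed scenario: a key readable only by its owner, checked for the current user
    and for a stand-in unprivileged uid (65534, assumed here to play the role of 'ldap')."""
    workdir = tempfile.mkdtemp()          # created mode 0700, owned by the current user
    try:
        cert = os.path.join(workdir, "slapd.crt")
        key = os.path.join(workdir, "slapd.key")
        with open(cert, "w") as f:
            f.write("constructed placeholder, not a real certificate\n")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real private key\n")
        os.chmod(cert, 0o644)
        os.chmod(key, 0o600)
        conf = "# constructed slapd.conf fragment\nTLSCertificateFile %s\nTLSCertificateKeyFile %s\n" % (cert, key)
        return {
            "self": check_slapd_tls_files(conf, os.getuid(), set(os.getgroups())),
            "other": check_slapd_tls_files(conf, 65534, {65534}),
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for who, results in demo().items():
        for directive, (path, ok, reason) in results.items():
            print("%-6s %-22s %s %s" % (who, directive, "OK  " if ok else "FAIL", reason))
```

Run it against a real slapd.conf by passing the file's contents and the uid/gids of the account given to -u/-g (pwd.getpwnam and grp can supply them); the "other" entries of the demo show the kind of failure the owner-only key produces for any identity but its owner, and the directory walk catches the case where the files themselves look fine but a parent directory is 0700 to root.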