Jason wrote regarding '[SLE] SuSE 9.1, OpenLDAP fine as user ldap, OpenLDAP/TLS only works as user root' on Fri, Oct 08 at 12:36:
I'm trying to get OpenLDAP/TLS working on SuSE 9.1. First I got OpenLDAP without TLS working running as user and group ldap. Then I added the necessary lines to slapd.conf for TLS. The user ldap owns all my certificates and the owning group for them is also ldap. If I run slapd as root, OpenLDAP/TLS works fine. If I run it as ldap, I get the following errors,
Client: ldap_start_tls: Connect error (-11) additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Server: TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:887
If I remove the TLS stuff from slapd.conf and run slapd as user ldap, it again works fine. Any ideas?
What about permissions for the directories containing the certs? Are those also readable by ldap:ldap?
--Danny, just a thought from someone who's about to fall asleep at his desk
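The check suggested in the reply can be done mechanically. The script below is an added example, not part of the original thread: it walks every directory above a certificate or key file and reports the first component that a given uid and gid cannot search or read. The key path in the usage comment is hypothetical; GNU stat is assumed, and ACLs and supplementary groups are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Works from mode bits alone, so it can
# be run as root on behalf of the ldap user. Does not walk a symlink's target path.
# Usage (hypothetical key path):
#   first_blocked "$(id -u ldap)" "$(id -g ldap)" /path/to/server.key

# perm_ok UID GID PATH BIT -> 0 if the mode bits grant BIT (4=read, 1=search)
perm_ok() {
    [ "$1" -eq 0 ] && return 0                   # root bypasses read/search checks
    info=$(stat -L -c '%u %g %a' "$3") || return 2
    owner=${info%% *}; rest=${info#* }
    group=${rest%% *}; mode=${rest#* }
    mode=$((0$mode))                             # %a prints octal, e.g. 750
    if   [ "$1" -eq "$owner" ]; then shift_by=6  # only the owner triplet applies
    elif [ "$2" -eq "$group" ]; then shift_by=3  # only the group triplet applies
    else shift_by=0                              # everyone else
    fi
    [ $(( ($mode >> $shift_by) & $4 )) -ne 0 ]
}

# first_blocked UID GID FILE -> prints the first component UID/GID cannot pass;
# returns 0 when every directory is searchable and FILE itself is readable.
# A relative FILE is walked from the current directory.
first_blocked() {
    uid=$1; gid=$2; file=$3
    case $file in /*) path=""; start=/ ;; *) path=.; start=. ;; esac
    perm_ok "$uid" "$gid" "$start" 1 || { echo "$start"; return 1; }
    old_ifs=$IFS; IFS=/
    set -f; set -- ${file#/}; set +f             # split FILE into components
    IFS=$old_ifs
    while [ $# -gt 1 ]; do                       # every ancestor needs search (x)
        path="$path/$1"; shift
        perm_ok "$uid" "$gid" "$path" 1 || { echo "$path"; return 1; }
    done
    perm_ok "$uid" "$gid" "$path/$1" 4 || { echo "$path/$1"; return 1; }
}
```

A printed directory means the file's own ownership is irrelevant until that directory grants search permission to the account slapd runs as.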