On 14.12.23 at 18:00, Jean-Luc Chandezon wrote:
Thank you Stefan for the suggestion
Thank you Howard. It was exactly what I understood. When I start the daemon
with command line:
slapd -h 'ldap://127.0.0.1:389 ldaps://192.168.190.58:636' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d -1
I can see:
657ad073.144a7a3e 0x7f71df270200 TLS: opening `/etc/ssl/private/annuaire.lexp.fr.key' failed: Permission denied
657ad073.144b02fb 0x7f71df270200 TLS: could not use private key file `/etc/ssl/private/annuaire.lexp.fr.key`.
It is more detailed than rsyslog.
As Quanah suggested, this is due to a permission issue.
I can see these rights:
-rw------- 1 openldap openldap 1704 Nov 29 17:37 /etc/ssl/private/annuaire.atol.fr.key
On Debian, /etc/ssl/private is only readable by root and members of
ssl-cert.
You can either add your openldap user to this group or move your
certificate to /etc/ldap.
Best regards
Ulf
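
The check described in this thread, as an added example that is not part of the original messages: a key file owned by openldap is still unreadable when a parent directory denies search permission to that account. The function names are hypothetical and GNU `stat` (as shipped on Debian) is assumed.

```shell
#!/bin/sh
# Added example: mode-bit check only. ACLs, AppArmor profiles and root's
# override are ignored. Run as root so stat can reach every component.

# can_access MODE OWNER_UID OWNER_GID NEED UID "GID ..."
# NEED is the bit wanted inside one rwx triplet: 4 = read, 1 = search (x).
# The kernel consults exactly one class: owner, else group, else other.
can_access() {
    ca_mode=$((0$1))            # leading 0 makes the stat mode octal
    ca_shift=0                  # default: "other" triplet
    if [ "$5" -eq "$2" ]; then
        ca_shift=6              # owner triplet
    else
        for ca_g in $6; do
            if [ "$ca_g" -eq "$3" ]; then ca_shift=3; fi   # group triplet
        done
    fi
    [ $(( (ca_mode >> ca_shift) & $4 )) -ne 0 ]
}

# first_blocker USER ABSOLUTE_PATH
# Walks from / down and reports the first component USER cannot pass.
first_blocker() {
    case $2 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    if [ "$2" != / ]; then
        first_blocker "$1" "$(dirname "$2")" || return
    fi
    fb_need=1                           # directories need search permission
    [ -d "$2" ] || fb_need=4            # the key file itself needs read
    fb_st=$(stat -c '%a %u %g' "$2") || return 2
    # $fb_st is left unquoted on purpose: it expands to MODE UID GID.
    if ! can_access $fb_st "$fb_need" "$(id -u "$1")" "$(id -G "$1")"; then
        echo "$1 is blocked at $2 (mode/uid/gid: $fb_st)"
        return 1
    fi
}

# Usage (as root): sh check.sh openldap /etc/ssl/private/<keyfile>
if [ "$#" -eq 2 ]; then
    first_blocker "$@"
fi
```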