Fix: LDAP – slapd error – main: TLS init def ctx failed: -64

After installing and configuring OpenLDAP on 10.10, slapd failed to start with the following error:

Starting OpenLDAP: slapd – failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system’s logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -h ':/// ldapi:/// ldaps:///' -g openldap -u openldap -F /etc//slapd.d/

Checking syslog showed an error related to the TLS certs again:

"main: TLS init def ctx failed: -64"

The certs inside /etc/ssl/private were found to be owned by root, with the group set to ssl-cert. Because slapd runs as the user openldap, that user needs access to the certs that were created; without it, slapd cannot load them and TLS initialisation fails.

Following advice from various forum posts, adding the openldap user to the ssl-cert group resolved the issue.
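
To confirm this diagnosis before changing group membership, the following added example (not from the original post) applies the classic owner/group/other mode-bit rules to a key file and its directory for a given account. The function names are hypothetical, ACLs and root's bypass are ignored, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# perm_allows OWNER GROUP MODE USER "USER_GROUPS" BIT
# Classic POSIX mode-bit check (ignores ACLs and root's bypass).
# BIT: 4 = read a file, 1 = search (traverse) a directory.
perm_allows() {
    pa_mode="000$3"
    pa_mode=${pa_mode#"${pa_mode%???}"}      # keep the last three octal digits
    if [ "$4" = "$1" ]; then
        pa_digit=${pa_mode%??}               # owner class applies, nothing else
    else
        case " $5 " in
            *" $2 "*) pa_digit=${pa_mode#?}; pa_digit=${pa_digit%?} ;;  # group class
            *)        pa_digit=${pa_mode#??} ;;                          # other class
        esac
    fi
    [ $(( pa_digit & $6 )) -ne 0 ]
}

# check_key_access USER KEYFILE
# Returns 0 if USER may search KEYFILE's directory and read KEYFILE,
# 1 if a mode bit blocks it, 2 if the user or path cannot be inspected.
check_key_access() {
    cka_user=$1 cka_file=$2
    cka_groups=$(id -Gn "$cka_user" 2>/dev/null) || return 2
    for cka_spec in "1:$(dirname "$cka_file")" "4:$cka_file"; do
        cka_bit=${cka_spec%%:*} cka_path=${cka_spec#*:}
        cka_stat=$(stat -c '%U %G %a' "$cka_path" 2>/dev/null) || return 2
        set -- $cka_stat                     # $1=owner $2=group $3=octal mode
        if ! perm_allows "$1" "$2" "$3" "$cka_user" "$cka_groups" "$cka_bit"; then
            echo "$cka_user blocked at $cka_path (owner=$1 group=$2 mode=$3)" >&2
            return 1
        fi
    done
}

# Usage (run as root; the key path is a placeholder for your own file):
#   check_key_access openldap /etc/ssl/private/<your-key>.pem
```

A running slapd keeps the group list it had at start-up, so restart it after adding openldap to ssl-cert (for example with `usermod -a -G ssl-cert openldap`).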
