I currently have a stack of iRedMail installed, and one of the services is OpenLDAP 2.4, which I am unable to configure properly for a certificate other than iRedMail's own, which is stored in /etc/ssl/certs and /etc/ssl/private.
Whenever I try to start slapd with the letsencrypt certificates it fails with
58c03b6a main: TLS init def ctx failed: -1
Now, I was guessing file permission issues on the certificates, so I have tried and double-checked the following:
- Changed ownership of letsencrypt to the openldap user.
- Ran cat as the openldap user and verified it can read the certificates.
- Added the letsencrypt live folder to slapd's AppArmor permissions.
- Double-checked that the letsencrypt files are plain PEM-formatted certs and keys.
And still it refuses to start slapd properly, while throwing the TLS error, which according to ssl.h corresponds to SSL_ERROR_SSL and offers no more insight into what's failing.
Could it be because letsencrypt uses symlinks? Or something with the certificates from letsencrypt? Has anyone used them successfully with OpenLDAP and slapd?
I am at a loss here. Any help would be welcome.
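A script that checks the items in the list above in one pass (resolves every symlink in the path, tests traversal of each parent directory and read access on the final file for a given uid/gid, and looks for a PEM marker); this is an added example, not code from the original post, and it assumes slapd runs as the openldap user whose uid/gid you pass in. It deliberately applies no root override, so running it as root still reports what an unprivileged slapd would see.

```python
import os
import stat
from pathlib import Path

# PEM headers slapd accepts in TLSCertificateFile / TLSCertificateKeyFile
PEM_MARKERS = (b"-----BEGIN CERTIFICATE-----", b"-----BEGIN PRIVATE KEY-----",
               b"-----BEGIN RSA PRIVATE KEY-----", b"-----BEGIN EC PRIVATE KEY-----")

def _has_bit(st, uid, gid, user_bit, group_bit, other_bit):
    """Plain POSIX mode check for uid/gid on a stat result. No root override on
    purpose, so the answer describes what an unprivileged slapd process sees."""
    if st.st_uid == uid:
        return bool(st.st_mode & user_bit)
    if st.st_gid == gid:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def check_pem_access(path, uid, gid):
    """Resolve every symlink in `path`, then verify that a process running as
    uid/gid can traverse each parent directory and read the final file, and that
    the file contains a PEM block. Returns {"resolved": ..., "problems": [...]}."""
    real = Path(os.path.realpath(path))
    result = {"resolved": str(real), "problems": []}
    for parent in reversed(real.parents):  # "/" first, then each level down
        try:
            st = os.stat(parent)
        except OSError as exc:
            result["problems"].append(f"cannot stat {parent}: {exc}")
            return result
        if not _has_bit(st, uid, gid, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            result["problems"].append(
                f"not traversable by uid {uid}: {parent} "
                f"(mode {oct(st.st_mode & 0o777)}, owner uid {st.st_uid})")
            return result  # nothing below this directory is reachable
    try:
        st = os.stat(real)
        data = real.read_bytes()
    except OSError as exc:
        result["problems"].append(f"cannot open {real}: {exc}")
        return result
    if not _has_bit(st, uid, gid, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        result["problems"].append(
            f"not readable by uid {uid}: {real} (mode {oct(st.st_mode & 0o777)})")
    if not any(marker in data for marker in PEM_MARKERS):
        result["problems"].append(f"no PEM block found in {real}")
    return result
```

To run it against the real files, look up the service account with `pwd.getpwnam("openldap")` and call `check_pem_access` on each path named in your TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile settings.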