#title OpenLDAP: TLS init def ctx failed: -207 #author Stefan Hornburg (Racke) #topics blog; OpenLDAP #date 2009-12-03 #pubdate 2009-12-03T11:21:04+01:00 #lang en Today I upgraded OpenLDAP in order to fix the insufficient input validation security problem ([[http://www.debian.org/security/2009/dsa-1943][DSA-1943-1]]). Unfortunately OpenLDAP refused to start after the upgrade. After adding loglevel config stats to the configuration file it gave me at least the meaningful error message: TLS init def ctx failed: -207. The research in the [[http://www.openldap.org/lists/openldap-software/200901/msg00134.html][ mailinglist]] led to the solution. It turned out that the openldap user had insufficient permissions for reading the TLS private key.