#title OpenLDAP: TLS init def ctx failed: -207
#author Stefan Hornburg (Racke)
#topics blog; OpenLDAP
#date 2009-12-03
#pubdate 2009-12-03T11:21:04+01:00
#lang en



Today I upgraded OpenLDAP in order to fix the insufficient input validation security problem ([[http://www.debian.org/security/2009/dsa-1943][DSA-1943-1]]).

Unfortunately OpenLDAP refused to start after the upgrade.

After adding

<code>loglevel config stats</code>

to the configuration file it gave me at least the meaningful error message:

<code>TLS init def ctx failed: -207</code>.

The research in the [[http://www.openldap.org/lists/openldap-software/200901/msg00134.html][ mailinglist]] led to the solution. It turned out that the openldap user had insufficient permissions for reading the TLS private key.