#title OpenLDAP: TLS init def ctx failed: -207
#author Stefan Hornburg (Racke)
#topics blog; OpenLDAP
#date 2009-12-03
#pubdate 2009-12-03T11:21:04+01:00
#lang en
Today I upgraded OpenLDAP in order to fix the insufficient input validation security problem ([[http://www.debian.org/security/2009/dsa-1943][DSA-1943-1]]).
Unfortunately OpenLDAP refused to start after the upgrade.
After adding

<example>
loglevel config stats
</example>

to the configuration file, it at least gave me a meaningful error message:

<example>
TLS init def ctx failed: -207
</example>
The research in the [[http://www.openldap.org/lists/openldap-software/200901/msg00134.html][mailing list]] led to the solution. It turned out that the openldap user had insufficient permissions for reading the TLS private key.
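
A check for the cause described above, as an added example that is not part of the original post: it reads the TLS file directives from slapd.conf text and reports the first path component a given uid cannot search or read. The helper names, the uid and group arguments and the sample key file are constructed for illustration, and only classic Unix mode bits are evaluated, not ACLs.

```python
import os, tempfile
from pathlib import Path

# slapd.conf directives naming files that slapd must read when it sets up TLS.
TLS_DIRECTIVES = ("tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile")

def tls_files(conf_text):
    """Map each TLS file directive found in slapd.conf text to its path."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in TLS_DIRECTIVES:
            found[parts[0]] = parts[1].strip().strip('"')
    return found

def allowed(st, uid, gids, bit):
    """Unix mode-bit check: owner class, else group class, else other (ACLs ignored)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def first_blocker(path, uid, gids):
    """Return the first path component uid cannot pass, or None if the file is readable."""
    path = os.path.realpath(path)
    try:
        for d in reversed(list(Path(path).parents)):   # root first
            if not allowed(os.stat(d), uid, gids, 1):  # directories need search (x)
                return str(d)
        return None if allowed(os.stat(path), uid, gids, 4) else path
    except OSError:
        return path  # a missing file is reported as the blocker

def demo():
    """Constructed sample: an empty stand-in key, mode 0600, checked for two uids."""
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        key = os.path.realpath(os.path.join(base, "server.key"))
        os.close(os.open(key, os.O_CREAT | os.O_WRONLY, 0o600))
        conf = "loglevel config stats\nTLSCertificateKeyFile %s\n" % key
        path = tls_files(conf)["TLSCertificateKeyFile"]
        mine = set(os.getgroups()) | {os.getegid()}
        daemon_uid = os.geteuid() + 1000  # constructed stand-in for the openldap user
        return (path, first_blocker(path, os.geteuid(), mine),
                first_blocker(path, daemon_uid, set()))

if __name__ == "__main__":
    print(demo())
```

On a real host, the uid and group set to pass in would be those of the account slapd runs as, and a result of `None` for the key path means the mode bits permit the read.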