Hello,

On Sun, Mar 05, 2023 at 09:08:57AM +0800, jeremy ardley wrote:
> The problem is when I try and configure private keys for ldap TLS the
> permissions are checked and if it's not owned by openldap and permissions
> 400 or 600 the configuration fails.
>
> Is there a known solution to this problem?

My TLS key file is owned by the openldap user. If for some reason you
need it to not be owned by that user (why?) then I expect you could either:

- use group readability (i.e. make a group just for this, put openldap
  user in that group and set the key file group readable)

- use POSIX file acl so that openldap user can read TLS key file
  regardless of file permissions

  https://www.server-world.info/en/note?os=Debian_11&p=acl

I've not tried it for this specific case but I use it so that Exim can
read its TLS key in the same way, and that works fine.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
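
The two options suggested in the reply above, written out as shell functions together with a check that the key has not become accessible to "other". This is an added example, not part of the original message; the key path, user and group are placeholders passed as arguments, and the group name in the comments is hypothetical.

```shell
#!/bin/sh
# Added example. Run as root on the real key; names below are placeholders.

# Option 1: dedicated group with read-only access to the key.
# Prerequisite (hypothetical group name "tlskey"):
#   groupadd --system tlskey && usermod -aG tlskey openldap
# The daemon must be restarted afterwards, because supplementary
# groups are only picked up when the process starts.
grant_group_read() {   # usage: grant_group_read KEYFILE GROUP
    chgrp "$2" "$1" && chmod 0640 "$1"
}

# Option 2: POSIX ACL entry for one named user, ownership unchanged.
# setfacl -m recalculates the ACL mask, so the group bits shown by
# ls/stat become r-- even though the owning group gets no access.
# A later "chmod 600" resets the mask and silently disables the entry.
grant_acl_read() {     # usage: grant_acl_read KEYFILE USER
    chmod 0600 "$1" && setfacl -m "u:$2:r" "$1"
}

# Check: the key must carry no permission bits for "other".
# Returns 0 if safe, 1 if other has any access, 2 if stat failed.
key_mode_ok() {        # usage: key_mode_ok KEYFILE
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Typical use (placeholders):
#   grant_acl_read /path/to/key.pem openldap
#   key_mode_ok /path/to/key.pem && getfacl /path/to/key.pem
```

`stat -c` is the GNU coreutils form, which is what Debian ships.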