From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 Description of problem: The default init script (/etc/rc.d/init.d/ldap) performs a check of the config file (/etc/openldap/slapd.conf) to check for whether to run over an SSL port by grepping for /^TLS/. If TLS options are _not_ set, the daemon is started with: -u ldap -h "ldap:///" And results in a proper startup: <snip> daemon_init: listen on ldap:/// daemon_init: 1 listeners to open... ldap_url_parse_ext(ldap:///) daemon: initialized ldap:/// daemon_init: 2 listeners opened slapd init: initiated server. slap_sasl_init: initialized! </snip> If TLS options are set, the daemon is started with: -u ldap -h '"ldap:/// ldaps:///"' And results in: <snip> daemon_init: listen on "ldap:/// daemon_init: listen on ldaps:///" daemon_init: 2 listeners to open... ldap_url_parse_ext("ldap:///) daemon: listen URL ""ldap:///" parse error=3 slapd stopped. connections_destroy: nothing to destroy. </snip> When removing the single quotes from the URL spec results in a proper startup: <snip> daemon_init: listen on ldap:/// daemon_init: listen on ldaps:/// daemon_init: 2 listeners to open... ldap_url_parse_ext(ldap:///) daemon: initialized ldap:/// ldap_url_parse_ext(ldaps:///) daemon: initialized ldaps:/// daemon_init: 4 listeners opened slapd init: initiated server. slap_sasl_init: initialized! </snip> Version-Release number of selected component (if applicable): openldap-servers-2.2.13-2 How reproducible: Always Steps to Reproduce: 1. Install openldap server RPM. 2. Create certs and specify with TLS* lines. 3. Watch it burn. Actual Results: Doesn't start the slapd daemon. Expected Results: Should start the slapd daemon. Additional info: This reminds me of the previous init script for EL3 bind9 initscript that didn't work with chroot... simple fix also.
It seems to me that the single quote is there intentionally - the daemon() function removes it (at least in RHEL-4.5) and slapd is called with -u "ldap:/// ldaps:///".