[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS Certificate Generation section and Troubleshooting Checklist

----- "Gavin Henry" <ghenry@suretecsystems.com> wrote:
> Dear All,
> Should we merge the TLS cert generation seciton of the FAQ into
> TLS.sdf?

Sounds good to me.
> Could you all think of some simple questions to ask when
> troubleshooting
> an OpenLDAP "problem" as our users call it ;-)
> See the the "Checklist" in the Troubleshooting section I've started.

(a) use the slaptest tool to verify configurations before starting slapd

(b) Verify that slapd is listening to the specified port(s) (389 and 636, generally) before trying the ldapsearch

(c) Under the debugging slapd section, I'd note the following:
    (i) Loglevel 256 is generally a good first loglevel to try for getting information useful to list members on issues
    (ii) Running slapd -d -1 can often track down fairly simple issues, such as missing schema and incorrect file permissions for the slapd user to things like certs