[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP segfaults when used with ssl

Hi list,

> What are we, psychic?
Sorry, I did not mind to bother you, I know by myself how annoying 
a question like my own can be. It's just, I started my openldap 
server with a debugging level of 256 and still all, I can see is 
a segfault at the end. But don't mind that first question anymore.

In the meantime I got a bit more of an understanding of the whole 
process. I was wrong in the first place mixing TLS/SSL with SASL 
(thanks a lot to Shaick). And I recompiled my OpenLDAP server 
using  OpenSSL 0.9.6j instead of 0.9.7 (thanks Howard).

But now I receive the following error when trying to start:

/usr/libexec/slapd -u ldap -g root -f /etc/openldap/slapd.conf -d 10 -h
"ldap:/// ldaps:///"
daemon: socket() failed errno=97 (Address family not supported by
daemon: socket() failed errno=97 (Address family not supported by
/etc/openldap/slapd.conf: line 45: unknown directive "logfile" outside
backend info and database definitions (ignored)
TLS: could not use certificate `/etc/openldap/severcrt.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line
TLS: error:02001002:system library:fopen:No such file or directory
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:247
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.

To give you all (if someone is still reading) a deeper view as to how
I came that far let me tell you that I'm using the OpenLDAP SSL/TLS
Howto by Kent Soper from June 2003.

> As a general note, OpenSSL 0.9.7 doesn't work well with OpenLDAP. I don't
> know if anyone has taken the time to investigate where the compatibility
> issues are yet. I use 0.9.6 for production deployments.
Thanks again.

Maybe someone can help me now,


Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte
Informationen. Wenn Sie nicht der richtige Adressat sind oder 
diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte 
sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser 
Mail ist nicht gestattet.

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail
in error) please notify the sender immediately and destroy this 
e-mail. Any unauthorised copying, disclosure or distribution of the
material in this e-mail is strictly forbidden.