Certificate key related problem after openldap service reconfiguration
Dear all,

I just replaced my old OpenLDAP master server (now called slave1) with a new one (master). After that I changed my old OpenLDAP server's (slave1) role from master server to slave (replica) server just by editing the OpenLDAP service configuration file.

After changing the slapd configuration, I get the following error when trying to start the old master OpenLDAP server (slave1) as a slave service:

[hienola@slave1 ~]$ sudo /usr/sbin/slapd -l local4 -d 256 -u ldap -h "ldap:/// ldaps:///" -f /etc/openldap/slapd.conf

@(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:16:10) $

buildsys@sotka.it.helsinki.fi:/usr/src/redhat/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_db_init: Initializing BDB database
TLS: could not use key file `/etc/openldap/cacerts/server-key.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:632
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:259
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:261
TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:691
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.

I haven't made any changes to my certificate files etc. The slave service's OpenLDAP configuration is copied from another slave server (slave2), which is working fine with my new OpenLDAP master server (master). Of course, I have made the required changes to the configuration files so that any references to the other slave server (slave2) are replaced with references to my old master server (slave1). User ldap has the required permissions to the certificate directory and certificate files.

Any ideas what could cause this kind of behaviour, or how I should start solving this problem?

Jukka Hienola
--
IT Services Coordinator, Department of Physical Sciences,
University of Helsinki, firstname lastname at helsinki fi,
tel. +358 (0)9 191 50713, fax. +358 (0)9 191 50610
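The OpenSSL error chain in the log above contains two distinct complaints about the key file: "fopen: No such file or directory" (the path slapd was given does not resolve to a file) and "PEM_read_bio: no start line" (what it read had no "-----BEGIN ...-----" header of the expected type). The shell script below is an added diagnostic, not part of the original post or of OpenLDAP: it reads the TLS file directives from a slapd.conf, runs the same three checks (file exists, file is readable, PEM start line of the right type is present) on each file, and provides a helper to repeat the readability check as the account slapd drops to with "-u ldap", since root can read files the service user cannot. The directive parsing is a one-line awk that handles plain and double-quoted values only; all paths, the sample files and the user name in the usage comments are assumptions for the example.

```shell
#!/bin/sh
# Added diagnostic for the slapd TLS start-up failure quoted above; it is
# not part of the original post or of OpenLDAP. Paths, sample files and the
# user name used in the usage comments are assumptions for the example.

# check_pem_file FILE PEMTYPE
#   PEMTYPE is the text inside the PEM header, e.g. "PRIVATE KEY" or
#   "CERTIFICATE". Return codes:
#     0  usable
#     2  missing          (the "fopen: No such file or directory" case)
#     3  not readable by the current user
#     4  no "-----BEGIN ...PEMTYPE-----" line, which PEM_read_bio reports
#        as "no start line": empty file, certificate where a key was
#        expected, DER instead of PEM, and so on
check_pem_file() {
    file=$1
    pemtype=$2
    if [ ! -e "$file" ]; then
        echo "MISSING    $file" >&2
        return 2
    fi
    if [ ! -r "$file" ]; then
        echo "UNREADABLE $file (as $(id -un))" >&2
        return 3
    fi
    if ! grep -q "^-----BEGIN .*$pemtype-----" "$file"; then
        echo "NOSTART    $file (no -----BEGIN ...$pemtype----- line)" >&2
        return 4
    fi
    echo "OK         $file" >&2
    return 0
}

# check_slapd_tls SLAPD_CONF
#   Reads the three TLS file directives from a slapd.conf, checks each file
#   with the matching PEM type and returns the number of directives that
#   failed (0 means every configured file passed).
check_slapd_tls() {
    conf=$1
    failures=0
    for entry in "TLSCACertificateFile:CERTIFICATE" \
                 "TLSCertificateFile:CERTIFICATE" \
                 "TLSCertificateKeyFile:PRIVATE KEY"; do
        directive=${entry%%:*}
        pemtype=${entry#*:}
        # slapd.conf directive names are case-insensitive; values may be quoted
        path=$(awk -v d="$directive" 'tolower($1) == tolower(d) { print $2 }' "$conf" | tr -d '"')
        [ -n "$path" ] || continue
        check_pem_file "$path" "$pemtype" || failures=$((failures + 1))
    done
    return "$failures"
}

# check_as_user USER FILE PEMTYPE
#   Repeats the readability and start-line checks as the service account
#   (slapd is started with -u ldap in the post). Needs sudo, so this is for
#   the host only; the self-test below does not call it.
check_as_user() {
    sudo -u "$1" sh -c '[ -r "$1" ] && grep -q "^-----BEGIN .*$2-----" "$1"' sh "$2" "$3"
}

# Usage on the host, with the paths from the post (assumed layout):
#   check_slapd_tls /etc/openldap/slapd.conf
#   check_as_user ldap /etc/openldap/cacerts/server-key.pem "PRIVATE KEY"
if [ $# -gt 0 ]; then
    check_slapd_tls "$1"
fi
```

If every file reports OK as root but check_as_user fails for ldap, the problem is ownership or mode on the directory chain rather than the file itself; if a file reports NOSTART, look at its first line, because a key that was exported in DER form or a file that holds only the certificate produces exactly the "no start line" error in the log.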