
Re: Certificate key related problem after openldap service reconfiguration



On Monday 15 May 2006 11:15, Jukka Hienola wrote:
> Dear all,
>
> I just replaced my old OpenLDAP master server (now called slave1) with a
> new one (master). After that I changed my old OpenLDAP server (slave1)
> role from master server to slave (replica) server just editing OpenLDAP
> service configuration file.
>
> After changing slapd configuration, I get the following error when
> trying to start old master OpenLDAP server (slave1) as slave service:
>
> [hienola@slave1 ~]$ sudo /usr/sbin/slapd -l local4 -d 256 -u ldap -h \
>    "ldap:/// ldaps:///" -f /etc/openldap/slapd.conf
>
> @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:16:10) $
>
> buildsys@sotka.it.helsinki.fi:/usr/src/redhat/BUILD/openldap-2.2.13/\
>    openldap-2.2.13/build-servers/servers/slapd
> bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
> bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
> bdb_db_init: Initializing BDB database
> TLS: could not use key file \
>    `/etc/openldap/cacerts/server-key.pem'.
> TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line \
>    pem_lib.c:632
> TLS: error:02001002:system library:fopen:No such file or \
>    directory bss_file.c:259
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:261
> TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system \
>    lib ssl_rsa.c:691
> main: TLS init def ctx failed: -1
> slapd stopped.
> connections_destroy: nothing to destroy.
>
> I haven't made any changes to my certificate files etc.

TLS: could not use key file `/etc/openldap/cacerts/server-key.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:632
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:259

Well, seems that OpenLDAP thinks it should 
open /etc/openldap/cacerts/server-key.pem, but this file does not exist. 
Either tell it not to open this file, or put the file there.


> Slave service's 
> OpenLDAP service configuration is copied from another slave server
> (slave2), which is working fine with my new OpenLDAP master server
> (master). Of course I have made required changes to configuration files
> so that any references to another slave server (slave2) are replaced
> with references to my old master server (slave1). User ldap has required
> permissions to certificate directory and certificate files.

Maybe paths are wrong, but I've never seen this error (from openssl/libssl) be 
wrong ... it's always been 100% correct.

> Any ideas what could cause that kind of behaviour, or how I should start
> to solve this problem?

Regards,
Buchan


-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

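A check along the lines of Buchan's advice, written as an added example for this page (it is not code from the thread or from the OpenLDAP project): it reads the TLS file directives out of a slapd.conf text and reports, per file, whether the path is missing (the fopen "No such file or directory" error above), unreadable by the current process, or present but without a PEM header (the "no start line" error). The directive names TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile are the real slapd.conf ones; the demo scenario, file contents and paths are constructed for the example.

```python
import os
import re
import tempfile

# slapd.conf directives that point at PEM files (real OpenLDAP directive names).
PEM_DIRECTIVES = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")


def parse_tls_paths(conf_text):
    """Return {directive: path} for the TLS file directives found in slapd.conf text.

    Handles slapd.conf continuation lines (a line starting with whitespace
    continues the previous directive) and skips comments and blank lines.
    """
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    paths = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in PEM_DIRECTIVES:
            paths[parts[0]] = parts[1].strip().strip('"')
    return paths


def check_pem_file(path):
    """Classify one configured file into the failure modes libssl reports.

    "missing"    -> fopen would fail with "No such file or directory"
    "unreadable" -> the file exists but this process cannot open it
    "not-pem"    -> PEM_read_bio would fail with "no start line"
    "ok"         -> a PEM header is present (contents are not validated further)
    """
    if not os.path.exists(path):
        return "missing"
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except PermissionError:
        return "unreadable"
    if not re.search(rb"^-----BEGIN [A-Z0-9 ]+-----", data, re.MULTILINE):
        return "not-pem"
    return "ok"


def check_slapd_tls(conf_text):
    """Run check_pem_file over every TLS file directive in a slapd.conf text."""
    return {name: check_pem_file(path) for name, path in parse_tls_paths(conf_text).items()}


def demo():
    """Constructed scenario mirroring the thread: cert present, key file absent, CA file garbage."""
    with tempfile.TemporaryDirectory() as tmp:
        cert = os.path.join(tmp, "server-cert.pem")
        key = os.path.join(tmp, "server-key.pem")   # deliberately never created
        ca = os.path.join(tmp, "ca.pem")
        with open(cert, "w") as fh:
            # Constructed placeholder body; only the PEM header matters to this check.
            fh.write("-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
        with open(ca, "w") as fh:
            fh.write("this is not a PEM file\n")
        conf = (
            "# constructed slapd.conf fragment\n"
            f"TLSCACertificateFile {ca}\n"
            f"TLSCertificateFile {cert}\n"
            f"TLSCertificateKeyFile {key}\n"
        )
        return check_slapd_tls(conf)


if __name__ == "__main__":
    for directive, status in demo().items():
        print(f"{directive}: {status}")
```

To check a real server, feed it the contents of /etc/openldap/slapd.conf and run it as the user slapd drops to (the -u ldap in the command line above), so that the "unreadable" result reflects what slapd itself would see rather than what root sees.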