Re: slapd makes very strange troubles in VServer

[Howard Chu <hyc@symas.com>]

Niki Hammler wrote:
> Howard Chu schrieb:
> > Niki Hammler wrote:
> > That's enough. The SSL library has obviously failed:
> > > TLS: error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl session id
> > > callback failed ssl_sess.c:232
> > This failure indicates that the SSL library was unable to generate a
> > session ID for the session. Generating the session ID just requires
> > generating a single random number (and checking that the number hasn't
> > been used before). On a freshly started server, this should never fail.
> > [...]
> >
> > Check the permissions of /dev/random and /dev/urandom on your virtual
> > server. Make sure they are readable by the openldap user.
> >
> > No bug here, just a misconfigured system...
>
> Thank you very much!
> For strange reasons the /dev directory had 700 permissons (I saw that
> all VServer have these permissions by default).
>
> Thank you for this hint, I never would have guessed this as all the
> output did not contain any reference to /dev...

It might be worthwhile to submit a bug report to the OpenSSL folks, asking them 
to log something useful when they fail to open /dev/random...

> Thank you, now everything works fine :-)
>
> Niki
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/