On Monday 15 May 2006 11:15, Jukka Hienola wrote:
> Dear all,
>
> I just replaced my old OpenLDAP master server (now called slave1) with a
> new one (master). After that I changed my old OpenLDAP server (slave1)
> role from master server to slave (replica) server just editing OpenLDAP
> service configuration file.
>
> After changing slapd configuration, I get the following error when
> trying to start old master OpenLDAP server (slave1) as slave service:
>
> [hienola@slave1 ~]$ sudo /usr/sbin/slapd -l local4 -d 256 -u ldap -h \
> "ldap:/// ldaps:///" -f /etc/openldap/slapd.conf
>
> @(#) $OpenLDAP: slapd 2.2.13 (Oct 18 2005 10:16:10) $
>
> buildsys@sotka.it.helsinki.fi:/usr/src/redhat/BUILD/openldap-2.2.13/\
> openldap-2.2.13/build-servers/servers/slapd
> bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
> bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
> bdb_db_init: Initializing BDB database
> TLS: could not use key file \
> `/etc/openldap/cacerts/server-key.pem'.
> TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line \
> pem_lib.c:632
> TLS: error:02001002:system library:fopen:No such file or \
> directory bss_file.c:259
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:261
> TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system \
> lib ssl_rsa.c:691
> main: TLS init def ctx failed: -1
> slapd stopped.
> connections_destroy: nothing to destroy.
>
> I haven't made any changes to my certificate files etc.

TLS: could not use key file `/etc/openldap/cacerts/server-key.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:632
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:259

Well, seems that OpenLDAP thinks it should open
/etc/openldap/cacerts/server-key.pem, but this file does not exist. Either
tell it not to open this file, or put the file there.

> Slave service's
> OpenLDAP service configuration is copied from another slave server
> (slave2), which is working fine with my new OpenLDAP master server
> (master). Of course I have made required changes to configuration files
> so that any references to another slave server (slave2) are replaced
> with references to my old master server (slave1). User ldap has required
> permissions to certificate directory and certificate files.

Maybe paths are wrong, but I've never seen this error (from openssl/libssl)
be wrong ... it's always been 100% correct.

> Any ideas what could cause that kind of behaviour, or how I should start
> to solve this problem?

Regards,
Buchan

--
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
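
Added example, not part of the original thread: a shell check that walks the TLS file directives in a slapd.conf and reports, for each path, the two conditions the error output above points at (file absent, or file present but without a PEM start line). The function name check_slapd_tls is hypothetical; TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile are the standard slapd.conf directives.

```shell
#!/bin/sh
# Added example: report the state of every TLS file a slapd.conf refers to.
# Prints one "STATE directive path" line per directive and returns non-zero
# if any file is not usable. Readability is tested for the invoking user.
check_slapd_tls() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "UNREADABLE config $conf"; return 2; }
    # Directive names are case-insensitive; lines starting with '#' are comments.
    # Limitation (assumption): paths with whitespace or quoting are not handled.
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $(printf '%s' "$directive" | tr 'A-Z' 'a-z') in
            tlscacertificatefile|tlscertificatefile|tlscertificatekeyfile) ;;
            *) continue ;;
        esac
        if [ ! -e "$path" ]; then
            state=MISSING      # corresponds to "fopen:No such file or directory"
        elif [ ! -r "$path" ]; then
            state=UNREADABLE   # exists, but not readable by the invoking user
        elif ! grep -q -e '-----BEGIN ' "$path"; then
            state=NOPEM        # corresponds to "PEM_read_bio:no start line"
        else
            state=OK
        fi
        [ "$state" = OK ] || problems=$((problems + 1))
        echo "$state $directive $path"
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check_slapd_tls.sh /etc/openldap/slapd.conf
if [ "$#" -gt 0 ]; then
    check_slapd_tls "$1"
fi
```

Running it as the account slapd runs under (ldap in the command line quoted above) makes the UNREADABLE result reflect that account's permissions.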