
Re: Slapd TLS issue



On 03/06/14 16:13 -0600, Eric Falbe wrote:
> Hi,
>
> Does anyone know where the database in the message:
> TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem'
> could not be found in the database - error -12285:Unable to find the
> certificate or key necessary for authentication

This error is likely coming from your ssl library. Search for the error
message (-12285 points to an NSS error code).

See slapd-config(5) and its notes underneath olcTLSCACertificatePath, etc,
and consult the documentation for NSS.

> Is located at and how I might rebuild it?
>
> Also, the only 3 configuration directives I have set for TLS are:
> olcTLSCertificateFile: /etc/pki/tls/certs/ldap2.cassens.com.pem
> olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap2.cassens.comKey.pem
> olcTLSCACertificateFile: /etc/pki/tls/certs/ca.pem
>
> On Wed, Mar 5, 2014 at 3:27 PM, Eric Falbe <ericf706@gmail.com> wrote:
>
> > Hi,
> > When I try to start slapd I get this error message:
> > Checking configuration files for slapd:                    [WARNING]
> > PROXIED attributeDescription "DC" inserted.
> > config file testing succeeded
> > Starting slapd: @(#) $OpenLDAP: slapd 2.4.23 (Feb  3 2014 19:11:35) $
> >     mockbuild@c6b10.bsys.dev.centos.org:
> > /builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
> > PROXIED attributeDescription "DC" inserted.
> > bdb_db_open: database "dc=cassens,dc=com": unclean shutdown detected;
> > attempting recovery.
> > bdb_db_open: database "cn=accesslog": unclean shutdown detected;
> > attempting recovery.
> > slapd starting
> > TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem'
> > could not be found in the database - error -12285:Unable to find the
> > certificate or key necessary for authentication..
> > TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully
> > loaded from PEM file.
> > TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap
> > Server,O=Cassens Transport Company,C=US'.
> > ppolicy_bind: Setting warning for password expiry for
> > cn=replication,dc=cassens,dc=com = 0 seconds
> > ^Cdaemon: shutdown requested and initiated.
> > slapd shutdown: waiting for 0 operations/tasks to finish
> > slapd stopped.
> >
> > This server was working last night, I had to promote our secondary ldap
> > server this morning.
> >
> > I have attempted to rebuild the database backend (with slapcat and
> > slapadd), but am still getting this same error.  I have my ssl
> > (self-signed) certificates located in
> > /etc/pki/tls/certs/ldap.cassens.com.pem /etc/pki/tls/tls/certa/ca.pem
> > /etc/pki/tls/private/ldap.cassens.comKey.pem
> >
> > These certificates worked fine up until today, does anyone have any
> > insight on where to look to begin troubleshooting this issue?
> >
> > Thanks,
> > Eric Falbe

--
Dan White
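Editor's added example, not part of the thread above and not code from either poster: before digging into the NSS certificate database, a practitioner would first confirm that the three files named by olcTLSCertificateFile, olcTLSCertificateKeyFile and olcTLSCACertificateFile exist, belong together (the private key matches the certificate), and chain to the configured CA file, and would compare the certificate's subject with the name slapd logs. Note that the log in this thread names ldap.cassens.com.pem while the configured olcTLSCertificateFile is ldap2.cassens.com.pem, which is exactly the kind of discrepancy such a check surfaces. The script assumes openssl(1) is installed; the CA, hostname ldap.example.com and all file paths in it are constructed for the demo (a throwaway CA and server certificate are generated in a temp directory), not the poster's files.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the files named by
# olcTLSCertificateFile / olcTLSCertificateKeyFile / olcTLSCACertificateFile
# before suspecting the NSS certificate database.  Requires openssl(1).
# Hostnames and paths below are constructed for the demo.

# check_tls_files CERT KEY CA
# Prints one finding per line; returns 0 only if every check passes.
check_tls_files() {
    cert=$1; key=$2; ca=$3
    rc=0
    for f in "$cert" "$key" "$ca"; do
        if [ ! -r "$f" ]; then
            echo "MISSING: $f is absent or unreadable"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return "$rc"

    # 1. Private key vs. certificate: compare the SubjectPublicKeyInfo blobs,
    #    which works for RSA and EC keys alike (comparing RSA moduli does not).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ]; then
        echo "BAD CERT: $cert is not a PEM certificate openssl can parse"
        rc=1
    elif [ -z "$key_pub" ]; then
        echo "BAD KEY: $key is not a readable private key (encrypted, or wrong format?)"
        rc=1
    elif [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key does not belong to $cert"
        rc=1
    else
        echo "OK: certificate and private key match"
    fi

    # 2. Chain: the server certificate must verify against the configured CA file.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "OK: $cert verifies against $ca"
    else
        echo "CHAIN: $cert does not verify against $ca"
        rc=1
    fi

    # 3. Hygiene: a world-readable private key is a finding even when TLS works.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "WARN: $key is world-readable"
    fi

    # 4. Report the subject so it can be compared with the name slapd logs.
    echo "SUBJECT: $(cert_subject "$cert")"
    return "$rc"
}

# cert_subject CERT -> RFC 2253 subject string, e.g. "CN=ldap.example.com"
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=[[:space:]]*//'
}

# demo_setup: build a throwaway CA, a server cert signed by it, and an
# unrelated key (constructed test data), so the checks run offline.
demo_setup() {
    DEMO_DIR=$(mktemp -d)
    DEMO_CA=$DEMO_DIR/ca.pem
    DEMO_CERT=$DEMO_DIR/ldap.example.com.pem
    DEMO_KEY=$DEMO_DIR/ldap.example.comKey.pem
    DEMO_WRONG_KEY=$DEMO_DIR/other.key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$DEMO_DIR/ca.key" -out "$DEMO_CA" 2>/dev/null
    openssl genrsa -out "$DEMO_KEY" 2048 2>/dev/null
    openssl req -new -key "$DEMO_KEY" -subj "/CN=ldap.example.com" \
        -out "$DEMO_DIR/ldap.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$DEMO_DIR/ldap.csr" -CA "$DEMO_CA" \
        -CAkey "$DEMO_DIR/ca.key" -CAcreateserial -out "$DEMO_CERT" 2>/dev/null
    openssl genrsa -out "$DEMO_WRONG_KEY" 2048 2>/dev/null
}

demo_setup
trap 'rm -rf "$DEMO_DIR"' EXIT
echo "== configured key belongs to the certificate =="
check_tls_files "$DEMO_CERT" "$DEMO_KEY" "$DEMO_CA"
echo "== configured key is from a different host =="
check_tls_files "$DEMO_CERT" "$DEMO_WRONG_KEY" "$DEMO_CA"
```

On a real host, run it against the values from `slapcat -n0 | grep olcTLS` rather than the demo files, and run it as the user slapd drops to, since a key readable by root but not by that user fails the same way as a missing file. The key check deliberately compares public keys rather than RSA moduli so it also covers EC certificates.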