
Re: any working documentation?



On Mon, 19 Aug 2019 20:26:28 +0100,
Dmitri Seletski <drjoms@gmail.com> wrote:

> Hello.
> 
> 
> I am new to the list, so if you gonna beat me with your feet - please 
> don't hit me in the face.
> 
> I did not find help/user list. So post here.
> 
> Where can I find working documentation for OpenLDAP?
> 
> Most current I found:
> 
> https://www.openldap.org/doc/admin24/quickstart.html
> 
> It says nothing of TLS encryption. I fail to start service
> 
> See output below:

It seems you use MozNSS instead of OpenSSL, check slapd for the
built-in SSL library.

> TLSMC: MozNSS compatibility interception begins.
> tlsmc_intercept_initialization: INFO: entry options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_convert: INFO: trying to open NSS DB with CACertDir = `/etc/openldap/certs'.
> tlsmc_open_nssdb: INFO: trying to initialize moznss using security dir `/etc/openldap` prefix `certs`.
> tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> tlsmc_intercept_initialization: INFO: altered options follow:
> tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
> tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
> tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> TLS: could not use certificate `OpenLDAP Server'.
> TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
> TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
> TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
> 5d5af51b main: TLS init def ctx failed: -1
> 5d5af51b slapd destroy: freeing system resources.
> 5d5af51b slapd stopped.
> 5d5af51b connections_destroy: nothing to destroy.
> 
> 
> 
> Where can I submit errata to documentation maintainer? (as quick start 
> clearly doesn't work in my default install of OpenLDAP on CentOS 7)

That is most likely because of MozNSS in an OpenSSL environment or vice
versa.

> And how can I start SLAPD without encryption?

Just disable TLS in slapd.conf and ldap.conf
 
[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
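
Added example, not part of the original message and not OpenLDAP project code: a small Python check that reads the tlsmc/TLS lines of a slapd startup log like the one quoted above and reports why TLS initialization failed. The function names and the "not an absolute path" heuristic are assumptions made for this illustration; the sample log is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: tlsmc/TLS lines taken from the log quoted in this thread.
SAMPLE_LOG = """\
TLSMC: MozNSS compatibility interception begins.
tlsmc_intercept_initialization: INFO: entry options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap/certs'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_intercept_initialization: INFO: altered options follow:
tlsmc_intercept_initialization: INFO: cacertdir = `/etc/openldap'
tlsmc_intercept_initialization: INFO: certfile = `OpenLDAP Server'
tlsmc_intercept_initialization: INFO: keyfile = `/etc/openldap/certs/password'
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:402
"""

# Matches lines such as: ... INFO: certfile = `OpenLDAP Server'
OPTION = re.compile(r"tlsmc_intercept_initialization: INFO: (\w+) = `([^'`]*)['`]")

def final_tls_options(log):
    """Return the last value logged for each option (the 'altered' set)."""
    opts = {}
    for line in log.splitlines():
        m = OPTION.search(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def diagnose(log):
    """List findings that explain a failed TLS init in this kind of log."""
    findings = []
    opts = final_tls_options(log)
    if "could not initialize MozNSS context" in log:
        findings.append("NSS database could not be opened; PEM file settings are expected")
    for name in ("certfile", "keyfile"):
        value = opts.get(name)
        # Heuristic (assumption): OpenSSL needs a file path here, not a nickname.
        if value is not None and not value.startswith("/"):
            findings.append(f"{name} = {value!r} is not an absolute path, so it cannot be a PEM file")
    if "Continuing with OpenSSL only" in log and "fopen:No such file or directory" in log:
        findings.append("OpenSSL tried to open a configured value as a file and it does not exist")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print("-", finding)
```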