https://bugs.openldap.org/show_bug.cgi?id=9946
Issue ID: 9946
Summary: TLS: could not load verify locations
Product: OpenLDAP
Version: unspecified
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: hrishikesh.durg@gmail.com
Target Milestone: ---
Hi, I am seeing the errors below on one of the LDAP proxy servers. Any clue how to fix it?
===============
635a3252 openotp_parse_conf: global: server_url = https://iad37-c-sec-afe-01.us6.oraclecloud.com:443/openotp/,https://ch3-c-se...
635a3252 openotp_parse_conf: global: soap_timeout = 10
635a3252 openotp_parse_conf: global: user_settings = ChallengeMode=No
635a3252 openotp_parse_conf: global: uid_attribute = uid, cn
635a3252 openotp_parse_conf: global: client_id = LDAP
635a3252 openotp_parse_conf: global: default_domain = oraclecloud
635a3252 openotp_parse_conf: global: server_policy = 1
635a3252 openotp_parse_conf: global: status_cache = 10
635a3252 openotp_parse_conf: global: nolock_usernames = ldapro-oci-sharedservices,ldapro-saas,ldapro-sbs
635a3252 openotp_parse_conf: global: denied_usernames = (none)
635a3252 openotp_init: Initializing libopenotp
TLS: could not load verify locations (file:`/opt/ldproxy/conf/ca.crt',dir:`').
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:175
TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:182
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:253
635a3252 main: TLS init def ctx failed: -1
635a3252 slapd stopped.
635a3252 connections_destroy: nothing to destroy.
===========
Not seeing anything when I checked the location specified in the logs:
[root@ldap-proxy-01 certs]# ls -l /opt/ldproxy
total 0
drwxr-xr-x. 2 root root 48 Nov 4 08:27 logs
[root@ldap-proxy-01 certs]#
==============
The ldap.conf file looks as below:
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
Any help/clue is much appreciated.