Hello!
On Wed, Jul 18, 2007 at 05:45:06PM -0700, Maria McKinley wrote:
> Augh. Scratch that last email. That isn't what I meant to do. Here is what I did (and meant it. ;-))
> I stopped slapd, and tried to put stuff in the database:
> maude:/etc/ldap# slapadd -v -l ldif
> got no error messages, restarted slapd, tried to search on something that should be there, but couldn't find it:
> maude:/etc/ldap# ldapsearch -x "uid=ichbin"
> [...]
> # search result
> search: 2
> result: 32 No such object
> # numResponses: 1
> Any ideas why I can't put stuff in the database? And any ideas why I have to start slapd using slapd instead of /etc/init.d/slapd start? I'm still pretty new at this stuff obviously...
A possible reason for the first point is that you have declared an index on "uid". If you have any indices declared and slapadd a database then you have to slapindex it as well. OpenLDAP will not regenerate a missing index on its own.
The log lines before those you posted in your first mail would hint at an index miss if I'm barking up the right tree here. Anyway, slapindex'ing the cold(!) database cannot hurt.
The second point sounds like a file permission problem to me, especially since the error occurs during TLS context(?) initialization(?). Makes me think of a private key that "root" is allowed to read but "openldap", which is the user that slapd runs under in the default Debian installation, is not. I suggest that you take a look at the certificate / CA certificate / private key file permissions. You may end up having to use ACLs on the key file to permit slapd reading it.
I don't know how familiar you are with strace, but you might just syscall trace the startup script and watch out for the deadly EACCES.
Regards, Ralph Rößner
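
Added example, not part of the original message: one way to run the permission check suggested above, by reading the TLS file directives from slapd.conf text and deciding from the mode bits whether the slapd account can reach and read each file. The "openldap" account name follows the Debian default mentioned in the mail; the sample paths are constructed placeholders, and POSIX ACLs are not evaluated, so a file that is readable only through an ACL will be reported as unreadable.

```python
import os
import pwd

TLS_DIRECTIVES = ("tlscacertificatefile", "tlscertificatefile", "tlscertificatekeyfile")

# Constructed sample configuration; the paths are placeholders.
SAMPLE_CONF = """\
# TLS settings
TLSCACertificateFile  /etc/ldap/tls/ca.pem
TLSCertificateFile    /etc/ldap/tls/server.pem
TLSCertificateKeyFile "/etc/ldap/tls/server.key"
"""

def tls_files(conf_text):
    """Return {lowercased directive: path} for the TLS file directives."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)  # comment lines never match a directive name
        if len(parts) == 2 and parts[0].lower() in TLS_DIRECTIVES:
            found[parts[0].lower()] = parts[1].strip().strip('"')
    return found

def mode_allows(st, uid, gids, want):
    """Owner/group/other check; want is 4 (read) or 1 (search). ACLs are ignored."""
    if uid == 0:
        return True  # root bypasses read and search permission checks
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def readable_by(path, uid, gids):
    """True if uid/gids may search every parent directory and read the file."""
    path = os.path.abspath(path)
    d = os.path.dirname(path)
    while True:
        if not mode_allows(os.stat(d), uid, gids, 1):
            return False
        if d == os.path.dirname(d):  # reached the filesystem root
            break
        d = os.path.dirname(d)
    return mode_allows(os.stat(path), uid, gids, 4)

if __name__ == "__main__":
    try:
        user = pwd.getpwnam("openldap")  # assumed account name (Debian default)
    except KeyError:
        raise SystemExit("no 'openldap' account on this host")
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for name, path in tls_files(SAMPLE_CONF).items():
        ok = os.path.exists(path) and readable_by(path, user.pw_uid, gids)
        print(f"{name}: {path}: {'ok' if ok else 'NOT readable by openldap'}")
```

To check a real installation, pass the contents of the actual configuration file to tls_files() instead of SAMPLE_CONF.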