On 12/17/2015 06:02 PM, Andrei Valoshyn wrote:
>Hello guys!
>I tried to deploy an OpenLDAP replica on Ubuntu 14.04. I copied the
>database via slapcat (slapadd) and slapd.conf from another replica
>(CentOS 6.7 with OpenLDAP: slapd 2.4.40).
>After all slaptest errors were fixed, the slapd service ran once, but
>after 5 minutes without any changes it failed to start again and
>currently it still doesn't work. I can't find any LDAP log.
>
>Maybe somebody has faced this kind of problem. I would be very
>grateful for any advice.
>
run both slapd(8) in debugging mode and level stats sync
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID:
E9ED159B 53°37'09,95"N 10°08'02,42"E
In the debug output of slapd -d -1 I saw that ldap is trying to load
from the /etc/ldap/slap.d/ directory, although I had put
"SLAPD_CONF=/etc/ldap/slapd.conf" in /etc/default/slapd. After I
cleaned up the /etc/ldap/slap.d/ directory, ldap started loading the
db and schema, but it still can't start, with this error:
"
TLS: could not set cipher list HIGH:+TLSv1:+SSLv2:+SSLv3.
56728db6 main: TLS init def ctx failed: -1
56728db6 slapd destroy: freeing system resources.
56728db6 syncinfo_free: rid=115
56728db6 slapd stopped.
56728db6 connections_destroy: nothing to destroy.
"
When I try "openssl ciphers -v HIGH:+TLSv1:+SSLv2:+SSLv3" it
works fine without any error.
On 12/16/2015 03:00 PM, openldap-technical-request@openldap.org wrote:
I tried to replace "TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3" with
"TLSCipherSuite NORMAL" as described here
After that I got
5672d1f5 main: TLS init def ctx failed: -207
5672d1f5 slapd destroy: freeing system resources.
5672d1f5 syncinfo_free: rid=115
5672d1f5 slapd stopped.
5672d1f5 connections_destroy: nothing to destroy.
--
With Best Wishes
Andrei Valoshyn
Exadel Inc.
System Administrator
avaloshyn@exadel.com
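
The symptom in this thread, a cipher string that "openssl ciphers" accepts but slapd rejects, can be checked against the TLS library slapd is actually linked to, because slapd passes TLSCipherSuite to that library and not to the openssl tool. The script below is an added example, not part of the original messages: the helper names are hypothetical, the sample ldd lines are constructed, and it assumes a GnuTLS-linked slapd on Ubuntu and an NSS-linked one on CentOS 6.

```shell
#!/bin/sh
# Added example; helper names and sample inputs are constructed.
SAMPLE_LDD_UBUNTU='  libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x0)'
SAMPLE_LDD_CENTOS='  libssl3.so => /usr/lib64/libssl3.so (0x0)
  libnss3.so => /usr/lib64/libnss3.so (0x0)'
SAMPLE_CONF='TLSCipherSuite HIGH:+TLSv1:+SSLv2:+SSLv3'

# Read `ldd` output on stdin, print the TLS library slapd is linked against.
tls_backend() {
    libs=$(cat)
    case "$libs" in
        *libgnutls*) echo gnutls ;;
        *libnss3*)   echo moznss ;;   # checked before libssl: NSS ships libssl3
        *libssl*)    echo openssl ;;
        *)           echo unknown ;;
    esac
}

# Read slapd.conf text on stdin, print the last TLSCipherSuite value.
cipher_suite() {
    awk 'tolower($1) == "tlsciphersuite" { print $2 }' | tail -n 1
}

# Heuristic: GnuTLS priority strings start with a keyword such as NORMAL or
# contain +VERS-/%OPTION tokens; anything else is treated as an OpenSSL list.
suite_style() {
    case "$1" in
        "")                                      echo none ;;
        NORMAL*|SECURE*|PERFORMANCE*|PFS*|NONE*) echo gnutls ;;
        *+VERS-*|*-VERS-*|*%*)                   echo gnutls ;;
        *)                                       echo openssl ;;
    esac
}

# $1 = backend, $2 = cipher suite; MozNSS builds accept OpenSSL-style names.
diagnose() {
    case "$1:$(suite_style "$2")" in
        unknown:*|*:none)                            echo undetermined ;;
        gnutls:openssl|openssl:gnutls|moznss:gnutls) echo mismatch ;;
        *)                                           echo consistent ;;
    esac
}

# On a real host, using the config path from the thread.
if command -v slapd >/dev/null 2>&1 && [ -r /etc/ldap/slapd.conf ]; then
    b=$(ldd "$(command -v slapd)" | tls_backend)
    s=$(cipher_suite < /etc/ldap/slapd.conf)
    echo "backend=$b suite=$s verdict=$(diagnose "$b" "$s")"
fi
```

A "mismatch" verdict only says the string is written in the other library's syntax; a later TLS init failure with a different code has to be traced separately in the slapd -d output.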