Hi,

Does anyone know where the database in the message:
TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication

is located and how I might rebuild it?

Also, the only 3 configuration directives I have set for TLS are:
olcTLSCertificateFile: /etc/pki/tls/certs/ldap2.cassens.com.pem
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap2.cassens.comKey.pem
olcTLSCACertificateFile: /etc/pki/tls/certs/ca.pem

On Wed, Mar 5, 2014 at 3:27 PM, Eric Falbe <ericf706@gmail.com> wrote:
Hi,
When I try to start slapd I get this error message:
Checking configuration files for slapd:                    [WARNING]
PROXIED attributeDescription "DC" inserted.
config file testing succeeded
Starting slapd: @(#) $OpenLDAP: slapd 2.4.23 (Feb  3 2014 19:11:35) $
    mockbuild@c6b10.bsys.dev.centos.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
PROXIED attributeDescription "DC" inserted.
bdb_db_open: database "dc=cassens,dc=com": unclean shutdown detected; attempting recovery.
bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery.
slapd starting
TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication..
TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully loaded from PEM file.
TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap Server,O=Cassens Transport Company,C=US'.
ppolicy_bind: Setting warning for password expiry for cn=replication,dc=cassens,dc=com = 0 seconds
^Cdaemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 operations/tasks to finish
slapd stopped.


This server was working last night; I had to promote our secondary LDAP server this morning.

I have attempted to rebuild the database backend (with slapcat and slapadd), but am still getting this same error. I have my SSL (self-signed) certificates located in /etc/pki/tls/certs/ldap.cassens.com.pem, /etc/pki/tls/tls/certa/ca.pem and /etc/pki/tls/private/ldap.cassens.comKey.pem

These certificates worked fine up until today. Does anyone have any insight on where to look to begin troubleshooting this issue?

Thanks,
Eric Falbe
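
Added example, not part of the original thread and not OpenLDAP code: a small check that lines up the certificate paths slapd names in its TLS log lines against the olcTLS* values in a cn=config export, so both can be compared for the same server. The function names are hypothetical; the sample config and log text are copied from the messages above.

```python
import re

TLS_ATTRS = ("olcTLSCertificateFile", "olcTLSCertificateKeyFile",
             "olcTLSCACertificateFile")

# Matches the two slapd TLS log lines that name a certificate *file* path.
# Lines that name a subject DN ('CN=...') are skipped on purpose.
LOG_RE = re.compile(
    r"TLS: (?:error: the )?certificate '(?P<path>/[^']+)' "
    r"(?P<what>could not be found in the database"
    r"|successfully loaded from PEM file)"
)

# Sample input taken from the thread above.
CONFIG = """\
olcTLSCertificateFile: /etc/pki/tls/certs/ldap2.cassens.com.pem
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap2.cassens.comKey.pem
olcTLSCACertificateFile: /etc/pki/tls/certs/ca.pem
"""
LOG = """\
TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication..
TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully loaded from PEM file.
TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap Server,O=Cassens Transport Company,C=US'.
"""

def parse_tls_directives(ldif):
    """Return the olcTLS* file directives from LDIF text as a dict."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join LDIF continuation lines
    found = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() in TLS_ATTRS:
            found[name.strip()] = value.strip()
    return found

def logged_cert_paths(log):
    """Map each certificate path named in the log to its TLS events."""
    events = {}
    for m in LOG_RE.finditer(log):
        events.setdefault(m.group("path"), []).append(m.group("what"))
    return events

def compare(ldif, log):
    """One row per logged path: does it equal olcTLSCertificateFile?"""
    configured = parse_tls_directives(ldif).get("olcTLSCertificateFile")
    return [{"logged": p, "configured": configured,
             "match": p == configured, "events": ev}
            for p, ev in logged_cert_paths(log).items()]

if __name__ == "__main__":
    for row in compare(CONFIG, LOG):
        print(row)
```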