On 03/06/14 16:13 -0600, Eric Falbe wrote:
Hi,
Does anyone know where the database in the message: TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication
This error is likely coming from your ssl library. Search for the error message (-12285 points to an NSS error code).
See slapd-config(5) and its notes underneath olcTLSCACertificatePath, etc, and consult the documentation for NSS.
Is located at and how I might rebuild it?
Also, the only 3 configuration directives I have set for TLS are:
olcTLSCertificateFile: /etc/pki/tls/certs/ldap2.cassens.com.pem
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap2.cassens.comKey.pem
olcTLSCACertificateFile: /etc/pki/tls/certs/ca.pem
On Wed, Mar 5, 2014 at 3:27 PM, Eric Falbe ericf706@gmail.com wrote:
Hi,
When I try to start slapd I get this error message:
Checking configuration files for slapd: [WARNING]
PROXIED attributeDescription "DC" inserted.
config file testing succeeded
Starting slapd: @(#) $OpenLDAP: slapd 2.4.23 (Feb 3 2014 19:11:35) $
mockbuild@c6b10.bsys.dev.centos.org: /builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
PROXIED attributeDescription "DC" inserted.
bdb_db_open: database "dc=cassens,dc=com": unclean shutdown detected; attempting recovery.
bdb_db_open: database "cn=accesslog": unclean shutdown detected; attempting recovery.
slapd starting
TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication..
TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully loaded from PEM file.
TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap Server,O=Cassens Transport Company,C=US'.
ppolicy_bind: Setting warning for password expiry for cn=replication,dc=cassens,dc=com = 0 seconds
^Cdaemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 operations/tasks to finish
slapd stopped.
This server was working last night, I had to promote our secondary ldap server this morning.
I have attempted to rebuild the database backend (with slapcat and slapadd), but am still getting this same error. I have my ssl (self-signed) certificates located in
/etc/pki/tls/certs/ldap.cassens.com.pem
/etc/pki/tls/tls/certa/ca.pem
/etc/pki/tls/private/ldap.cassens.comKey.pem
These certificates worked fine up until today. Does anyone have any insight on where to look to begin troubleshooting this issue?
Thanks, Eric Falbe