I was following an Ubuntu howto at  https://help.ubuntu.com/12.04/serverguide/openldap-server.html ,which has served me well so far, and I was working on the part where TLS is set up.

I made an ldif file like:

dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/grackle_slapd_cert.pem
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/grackle_slapd_key.pem

and, well, I blew it.. I initially had a typo in it, and the server cert and key weren't where I said they were.

I ran ldapmodify to load the ldif file above:

ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif

Then I tried to restart slapd, and perhaps unsurprisingly it did not restart.

Aug  8 16:41:30 grackle slapd[1660]: @(#) $OpenLDAP: slapd  (Jul 26 2012 00:10:41) $#012#011buildd@aatxe:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
Aug  8 16:41:30 grackle slapd[1660]: main: TLS init def ctx failed: -1
Aug  8 16:41:30 grackle slapd[1660]: slapd stopped.
Aug  8 16:41:30 grackle slapd[1660]: connections_destroy: nothing to destroy.

So I thought I just fix my ldif file, which I did, and then run ldapmodify again.  But no, that clearly wasn't going to work because slapd wasn't running.  Not knowing what else to do, I removed the lines containing "olcTLS" from /etc/ldap/slapd.d/cn=config.ldif.  Then I was able to restart slapd (congratulating myself) and then re-ran my ldapmodify command to enter the correct locations of the cert and key.  But I still get a checksum error in syslog:

Aug  8 17:04:53 grackle slapd[2028]: slapd starting
Aug  8 17:05:01 grackle slapd[2028]: ldif_read_file: checksum error on "/etc/ldap /slapd.d/cn=config.ldif"

I haven't even tried to see if I have TLS working, but I have two questions:

#1.  How should I have recovered from this (human) error?  What I did didn't seem to work out very well.


#2.  How do I un-screw my config and resolve the checksum problem?

Thanks in advance for any assistance.

     Jeff Dickens
     IT Manager      978-632-1513