Low Sensitivity/Aerospace Internal Use Only

Hello still getting the exact same Assertion and slapd: result.c:813: error, only now with OpenLDAP-2.4.39 running instead of OpenLDAP-2.4.38.

I run the following command:

ldapmodify -x -D "cn=admin,cn=config" -W -f  /tmp/LDAP-CONFIG-TLS.ldif -v -d 32768

/tmp/LDAP-CONFIG-TLS.ldif contains:
dn:                        cn=config
changetype:                modify
Add:                        olcTLSCipherSuite
olcTLSCipherSuite:        TLSv1+RSA:\!EXP:\!MD5:\!NULL

I already have slapd running with the -d 32768 argument as well.  Here is the specific process with arguments according to ps -ef:

Ldap        26636 26597  0 15:10 pts/1  00:00:00   /usr/local/openldap/libexec/slapd   -h ldap://*:389    ldaps://*:636   -d 32768 -F /usr/local/openldap/etc/openldap/slapd.d     -u  ldap  -g ldap   -l local4


The output I receive as a result is:
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
add olcTLSCipherSuite:
        TLSv1+RSA:\!EXP:\!MD5:\!NULL
modifying entry "cn=config"
slapd: result.c:813: slapd_send_ldap_result: Assertion `!((rs->sr_err)<0)' failed.
ldap_result: Can't contact LDAP server (-1)


All I am trying to do is get TLS configured on the LDAP server in order for clients to be able to connect over TLS.

Warron French, MBA, SCSA










From:        Quanah Gibson-Mount <quanah@zimbra.com>
To:        Warron S French <Warron.S.French@aero.org>,
Cc:        openldap-technical@openldap.org
Date:        01/27/2014 01:58 PM
Subject:        Re: OpenLDAP slapd problems - ldap_result: Can't contact LDAP server (-1) result.c:813 --- Low Sensitivity/Aerospace Internal Use Only
Sent by:        openldap-technical-bounces@OpenLDAP.org

---

--On Monday, January 27, 2014 11:28 AM -0500 Warron S French
<Warron.S.French@aero.org> wrote:

> Low Sensitivity/Aerospace Internal Use Only
>
> LTB-Project.org or OpenLDAP.org developers, please help:
>
> I am still having problems with adding (via .ldif file) the following
> LDIF file contents of /tmp/LDAP-CONFIG-TLS.ldif:
> dn:                        cn=config
> changetype:                modify
> add:                        olcTLSCipherSuite
> olcTLSCipherSuite:        TLSv1+RSA:\!EXP:\!MD5:\!NULL    (<- not sure if
> that argument is valid for that CipherSuite selection either)
>
>
> I use the following ldapmodify command:
> ldapmodify    -x     -D "cn=admin,cn=config" -W  -f
> /tmp/LDAP-CONFIG-TLS.ldif
>
>
> Because I have debugging turned up (to -d 32768), the results now look
> like:
> modifying entry "cn=config"
> 52e68423 connection_input:  conn=1000 deferring operation: binding
> slapd: result.c:813:  slap_send_ldap_result: Assertion
> `!((rs->sr_err)<0)' failed.
> ldap_result:  Can't contact LDAP server  (-1)

This means you triggered an assertion, which caused slapd to exit.  I
suggest you file an ITS (http://www.openldap.org/its)

--Quanah

--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Low Sensitivity/Aerospace Internal Use Only