On 03/06/14 16:13 -0600, Eric Falbe wrote:
> Hi,
> Does anyone know where the database in the message:
> TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem'
> could not be found in the database - error -12285:Unable
> to find the certificate or key necessary for authentication

This error is likely coming from your ssl library. Search for the error
message (-12285 points to an NSS error code).
See slapd-config(5) and its notes underneath olcTLSCACertificatePath, etc,
and consult the documentation for NSS.

> Is located at and how I might rebuild it?
> Also, the only 3 configuration directives I have set for TLS are:
> olcTLSCertificateFile: /etc/pki/tls/certs/ldap2.cassens.com.pem
> olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap2.cassens.comKey.pem
> olcTLSCACertificateFile: /etc/pki/tls/certs/ca.pem
> On Wed, Mar 5, 2014 at 3:27 PM, Eric Falbe <ericf706(a)gmail.com> wrote:
> Hi,
> When I try to start slapd I get this error message:
> Checking configuration files for slapd: [WARNING]
> PROXIED attributeDescription "DC" inserted.
> config file testing succeeded
> Starting slapd: @(#) $OpenLDAP: slapd 2.4.23 (Feb 3 2014 19:11:35) $
> mockbuild(a)c6b10.bsys.dev.centos.org:
> /builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
> PROXIED attributeDescription "DC" inserted.
> bdb_db_open: database "dc=cassens,dc=com": unclean shutdown detected;
> attempting recovery.
> bdb_db_open: database "cn=accesslog": unclean shutdown detected;
> attempting recovery.
> slapd starting
> TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem'
> could not be found in the database - error -12285:Unable to find the
> certificate or key necessary for authentication..
> TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully
> loaded from PEM file.
> TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap
> Server,O=Cassens Transport Company,C=US'.
> ppolicy_bind: Setting warning for password expiry for
> cn=replication,dc=cassens,dc=com = 0 seconds
> ^Cdaemon: shutdown requested and initiated.
> slapd shutdown: waiting for 0 operations/tasks to finish
> slapd stopped.
>
>
> This server was working last night, I had to promote our secondary ldap
> server this morning.
>
> I have attempted to rebuild the database backend (with slapcat and
> slapadd), but am still getting this same error. I have my ssl
> (self-signed) certificates located in
> /etc/pki/tls/certs/ldap.cassens.com.pem /etc/pki/tls/tls/certa/ca.pem
> /etc/pki/tls/private/ldap.cassens.comKey.pem
>
> These certificates worked fine up until today, does anyone have any
> insight on where to look to begin troubleshooting this issue?
>
> Thanks,
> Eric Falbe
>
--
Dan White
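
One way to cross-check the file paths slapd reports in its TLS log lines against the olcTLS* directives, as an added example that is not from either poster or from OpenLDAP. The sample inputs are the log lines and directives quoted in the thread above (wrapped lines re-joined); the function names are hypothetical, and LDIF line folding and base64 values are assumed absent.

```python
import re

# Sample inputs taken from the messages above, with mail line wraps re-joined.
SLAPD_LOG = """\
TLS: error: the certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication..
TLS: certificate '/etc/pki/tls/certs/ldap.cassens.com.pem' successfully loaded from PEM file.
TLS: no unlocked certificate for certificate 'CN=ldap.cassens.com,OU=Ldap Server,O=Cassens Transport Company,C=US'.
"""
CONFIG_LDIF = """\
olcTLSCertificateFile: /etc/pki/tls/certs/ldap2.cassens.com.pem
olcTLSCertificateKeyFile: /etc/pki/tls/private/ldap2.cassens.comKey.pem
olcTLSCACertificateFile: /etc/pki/tls/certs/ca.pem
"""

def tls_directives(ldif):
    """Return {directive: value} for every olcTLS* attribute in an LDIF fragment."""
    found = {}
    for line in ldif.splitlines():
        m = re.match(r"(olcTLS\w+):\s*(\S.*)$", line.strip())
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found

def tls_log_events(log):
    """Return (quoted_name, error_code_or_None) for each 'TLS:' log line."""
    events = []
    for line in log.splitlines():
        if not line.startswith("TLS:"):
            continue
        name = re.search(r"'([^']+)'", line)
        code = re.search(r"error (-\d+)", line)
        events.append((name.group(1) if name else None,
                       int(code.group(1)) if code else None))
    return events

def unconfigured_paths(log, ldif):
    """File paths named in TLS log lines that no olcTLS* directive points at."""
    configured = set(tls_directives(ldif).values())
    logged = {n for n, _ in tls_log_events(log) if n and n.startswith("/")}
    return sorted(logged - configured)

if __name__ == "__main__":
    for name, code in tls_log_events(SLAPD_LOG):
        print(f"log: {name} (error code: {code})")
    for path in unconfigured_paths(SLAPD_LOG, CONFIG_LDIF):
        print(f"logged but not in any olcTLS* directive: {path}")
```

A path reported here means the running slapd is reading a certificate file other than the ones in the directives being inspected, which is worth resolving before looking at the NSS database itself.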