As I said in my last mail. I got this: slap_client_connect: URI=ldaps://wtf.wtf.fr:636 DN="cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr" ldap_sasl_bind_s failed (-1)
There's this line in the /etc/ldap/ldap.conf:
TLS_REQCERT never
The certificate is located in /etc/ldap/cacerts:
unverre:/home/olivier# cat /etc/ldap/ldap.conf | grep "TLS"
TLS_CACERT /etc/ldap/cacerts/chain-4302-wtf.wtf.fr.pem
TLS_CERT /etc/ldap/cacerts/chain-4302-wtf.wtf.fr.pem
# TLS_CACERTDIR /etc/ldap/cacerts
TLS_REQCERT never
So then I added this to /etc/ldap/slapd.conf:
loglevel stats args trace sync
I restarted slapd: slapd -u openldap -g openldap -l LOCAL4 -s 0 -h ldap:/// ldaps:///
tail -f /var/log/syslog wrote this:
Apr 4 09:12:39 unverre slapd[9061]: slapd stopped.
Apr 4 09:13:21 unverre slapd[9069]: bdb_back_initialize: initialize BDB backend
Apr 4 09:13:21 unverre slapd[9069]: bdb_back_initialize: Berkeley DB 4.6.21: (September 27, 2007)
Apr 4 09:13:21 unverre slapd[9069]: bdb_db_init: Initializing BDB database
Apr 4 09:13:21 unverre slapd[9069]: >>> dnPrettyNormal: <dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: <<< dnPrettyNormal: <dc=wtf,dc=fr>, <dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: >>> dnPrettyNormal: <cn=luz2,dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: <<< dnPrettyNormal: <cn=luz2,dc=wtf,dc=fr>, <cn=luz2,dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: >>> dnNormalize: <cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: <<< dnNormalize: <cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: >>> dnNormalize: <dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: <<< dnNormalize: <dc=wtf,dc=fr>
Apr 4 09:13:21 unverre slapd[9069]: >>> dnNormalize: <cn=Subschema>
Apr 4 09:13:21 unverre slapd[9069]: <<< dnNormalize: <cn=subschema>
[cut]
Apr 4 09:13:21 unverre slapd[9070]: slapd startup: initiated.
Apr 4 09:13:21 unverre slapd[9070]: backend_startup_one: starting "cn=config"
Apr 4 09:13:21 unverre slapd[9070]: config_back_db_open
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn=config"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn=module{0}"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn=schema"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={0}core"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={1}cosine"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={2}nis"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={3}inetorgperson"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={4}internet2"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={5}supann"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={6}mailUniv"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "cn={7}unrc"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "olcDatabase={-1}frontend"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "olcDatabase={0}config"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "olcDatabase={1}bdb"
Apr 4 09:13:21 unverre slapd[9070]: config_build_entry: "olcOverlay={0}syncprov"
Apr 4 09:13:21 unverre slapd[9070]: backend_startup_one: starting "dc=wtf,dc=fr"
Apr 4 09:13:21 unverre slapd[9070]: bdb_db_open: "dc=wtf,dc=fr"
Apr 4 09:13:21 unverre slapd[9070]: bdb_db_open: database "dc=wtf,dc=fr": dbenv_open(/var/lib/ldap).
Apr 4 09:13:21 unverre slapd[9070]: => bdb_entry_get: ndn: "dc=wtf,dc=fr"
Apr 4 09:13:21 unverre slapd[9070]: => bdb_entry_get: oc: "(null)", at: "contextCSN"
Apr 4 09:13:21 unverre slapd[9070]: bdb_dn2entry("dc=wtf,dc=fr")
Apr 4 09:13:21 unverre slapd[9070]: => bdb_dn2id("dc=wtf,dc=fr")
Apr 4 09:13:21 unverre slapd[9070]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
Apr 4 09:13:21 unverre slapd[9070]: slapd starting
Apr 4 09:13:21 unverre slapd[9070]: =>do_syncrepl rid=008
Apr 4 09:13:21 unverre slapd[9070]: slap_client_connect: URI=ldaps://wtf.wtf.fr:636 DN="cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr" ldap_sasl_bind_s failed (-1)
Apr 4 09:13:21 unverre slapd[9070]: do_syncrepl: rid=008 rc -1 retrying
Can anyone tell me what this means:
slap_client_connect: URI=ldaps://wtf.wtf.fr:636 DN="cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr" ldap_sasl_bind_s failed (-1)
Do I get this message because of this:
bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
WTH is DB_NOTFOUND? Does this mean DB_CONFIG is missing? However:
unverre:/home/olivier# ls /var/lib/ldap/DB*
/var/lib/ldap/DB_CONFIG
--On April 4, 2011 9:39:12 AM +0200 Olivier Pavilla olivier.pavilla@univ-orleans.fr wrote:
As I said in my last mail. I got this: slap_client_connect: URI=ldaps://wtf.wtf.fr:636 DN="cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr" ldap_sasl_bind_s failed (-1)
I'm not sure what you think /etc/ldap.conf has to do with the syncrepl client. I highly advise you read the man page, as syncrepl has its own set of TLS options.
Also, if you search the FAQ, you can find out what the DB_CONFIG file is, and why it is important, but that is an entirely separate issue from the TLS one.
--Quanah
openldap-technical@openldap.org
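
Added example, not code from the thread or from the OpenLDAP project: a small Python check that reads the tls_* parameters each syncrepl directive can carry in slapd.conf (the per-consumer TLS options of slapd.conf(5) that the reply points to) and flags a stanza that does not enforce certificate verification. The configuration text is constructed; only rid, provider, binddn and the CA file path are taken from the thread.

```python
import re
import shlex

# Constructed slapd.conf excerpt: rid, provider and binddn come from the log
# in the thread; every other value is an assumption made for illustration.
WEAK_CONF = '''\
database bdb
suffix "dc=wtf,dc=fr"
syncrepl rid=008
  provider=ldaps://wtf.wtf.fr:636
  type=refreshAndPersist
  searchbase="dc=wtf,dc=fr"
  bindmethod=simple
  binddn="cn=replicaiufm,ou=useraccess,dc=wtf,dc=fr"
  credentials=CHANGEME
  tls_reqcert=never
'''
# Same stanza with verification enforced against the CA file named in the thread.
STRICT_CONF = WEAK_CONF.replace(
    "tls_reqcert=never",
    "tls_reqcert=demand\n  tls_cacert=/etc/ldap/cacerts/chain-4302-wtf.wtf.fr.pem")

def syncrepl_stanzas(conf_text):
    """Yield each syncrepl directive as a dict of its key=value parameters."""
    # slapd.conf unwraps continuation lines (leading whitespace) before comments.
    joined = re.sub(r"\n[ \t]+(?=\S)", " ", conf_text)
    for line in joined.splitlines():
        if line.lstrip().startswith("#"):
            continue
        words = shlex.split(line)
        if words and words[0].lower() == "syncrepl":
            yield dict(w.split("=", 1) for w in words[1:] if "=" in w)

def audit_tls(params):
    """Return findings for the TLS parameters of one syncrepl stanza."""
    provider = params.get("provider", "").lower()
    if not provider.startswith("ldaps://") and "starttls" not in params:
        return ["no TLS: provider is not ldaps:// and starttls is unset"]
    findings = []
    reqcert = params.get("tls_reqcert")
    if reqcert is None:
        findings.append("tls_reqcert not set in this stanza")
    elif reqcert.lower() in ("never", "allow"):
        findings.append("tls_reqcert=%s accepts an unverified certificate" % reqcert)
    if "tls_cacert" not in params and "tls_cacertdir" not in params:
        findings.append("no tls_cacert/tls_cacertdir in this stanza")
    return findings

def audit(conf_text):
    """Map each syncrepl rid to its list of TLS findings."""
    return {p.get("rid", "?"): audit_tls(p) for p in syncrepl_stanzas(conf_text)}
```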