I was following an Ubuntu howto at
served me well so far, and I was working on the part where TLS is set up.
I made an ldif file like:
and, well, I blew it. I initially had a typo in it, and the server cert
and key weren't where I said they were.
I ran ldapmodify to load the ldif file above:
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif
Then I tried to restart slapd, and perhaps unsurprisingly it did not
Aug 8 16:41:30 grackle slapd: @(#) $OpenLDAP: slapd (Jul 26 2012
Aug 8 16:41:30 grackle slapd: main: TLS init def ctx failed: -1
Aug 8 16:41:30 grackle slapd: slapd stopped.
Aug 8 16:41:30 grackle slapd: connections_destroy: nothing to
So I thought I'd just fix my ldif file, which I did, and then run ldapmodify
again. But no, that clearly wasn't going to work because slapd wasn't
running. Not knowing what else to do, I removed the lines containing
"olcTLS" from /etc/ldap/slapd.d/cn=config.ldif. Then I was able to restart
slapd (congratulating myself) and then re-ran my ldapmodify command to
enter the correct locations of the cert and key. But I still get a
checksum error in syslog:
Aug 8 17:04:53 grackle slapd: slapd starting
Aug 8 17:05:01 grackle slapd: ldif_read_file: checksum error on
I haven't even tried to see if I have TLS working, but I have two questions:
#1. How should I have recovered from this (human) error? What I did
didn't seem to work out very well.
#2. How do I un-screw my config and resolve the checksum problem?
Thanks in advance for any assistance.
*Jeff Dickens*
IT Manager 978-632-1513
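The checksum error in the question comes from slapd validating a CRC32 header on each file under slapd.d, so a hand edit like removing the olcTLS lines leaves a stale value behind. The script below is an added example, not the poster's or OpenLDAP's code; it assumes (from OpenLDAP's back-ldif, not from anything in this post) that each file begins with an "# AUTO-GENERATED FILE" line, then "# CRC32 xxxxxxxx", and that the CRC covers everything after that line.

```python
"""Check and repair the '# CRC32' header of a slapd.d cn=config LDIF file.

Assumed layout (OpenLDAP back-ldif, not confirmed by the post above):
    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 xxxxxxxx
    <LDIF body>
where xxxxxxxx is the CRC32 of the LDIF body that follows the CRC32 line.
"""
import re
import zlib

CRC_RE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})\r?\n", re.M)


def split_file(data: bytes):
    """Return (prefix, stored_crc_hex, body); stored_crc_hex is None if absent."""
    m = CRC_RE.search(data)
    if m is None:
        return data, None, b""
    return data[:m.start()], m.group(1).decode().lower(), data[m.end():]


def body_crc(body: bytes) -> str:
    """Hex CRC32 of the LDIF body, zero-padded the way slapd writes it."""
    return "%08x" % (zlib.crc32(body) & 0xFFFFFFFF)


def checksum_ok(data: bytes) -> bool:
    """True only if a CRC32 header exists and matches the body."""
    _, stored, body = split_file(data)
    return stored is not None and stored == body_crc(body)


def rewrite_checksum(data: bytes) -> bytes:
    """Return the file with its CRC32 line recomputed over the current body."""
    prefix, stored, body = split_file(data)
    if stored is None:
        raise ValueError("no '# CRC32' header line; not a slapd.d file?")
    return prefix + b"# CRC32 " + body_crc(body).encode() + b"\n" + body


# Constructed sample: a cn=config.ldif whose olcTLS lines were removed by
# hand, so the stored CRC no longer matches the body that remains.
SAMPLE = (b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
          b"# CRC32 deadbeef\n"
          b"dn: cn=config\n"
          b"objectClass: olcGlobal\n"
          b"cn: config\n")

if __name__ == "__main__":
    print("stored checksum valid:", checksum_ok(SAMPLE))
    fixed = rewrite_checksum(SAMPLE)
    print(fixed.decode(), end="")
    print("checksum valid after rewrite:", checksum_ok(fixed))
```

Rewriting the header only makes the file consistent with what is in it; the TLS attributes still need to be put back properly through ldapmodify once slapd is running again.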