The ebuild does not copy the self-signed certificate (ldap.pem) into /etc/openldap/ssl:

 * Generating OpenSSL configuration ... [ ok ]
 * Generating 1024 bit RSA key for CA ... [ ok ]
 * Generating Certificate Signing Request for CA ... [ ok ]
 * Generating self-signed X.509 Certificate for CA ... [ ok ]
 * Generating 1024 bit RSA key ... [ ok ]
 * Generating Certificate Signing Request ... [ ok ]
 * Generating authority-signed X.509 Certificate ... [ ok ]
 * Generating PEM Certificate ... [ ok ]
...
...
...
# ls /etc/openldap/ssl
ls: cannot access /etc/openldap/ssl: No such file or directory

Reproducible: Always

Steps to Reproduce:
1. USE="ssl" emerge openldap
2. ls /etc/openldap/ssl

Actual Results:
ls: cannot access /etc/openldap/ssl: No such file or directory

Expected Results:
ldap.pem is in /etc/openldap/ssl
post `emerge -pv openldap` please and attach `equery f openldap` output (emerge gentoolkit if you don't have equery).
# emerge -pv openldap

These are the packages that would be merged, in order:

Calculating dependencies ....... done!
[ebuild  N    ] net-nds/openldap-2.3.30-r2  USE="berkdb ssl -crypt -debug -gdbm -ipv6 -kerberos -minimal -odbc -overlays -perl -readline -samba -sasl (-selinux) -slp -smbkrb5passwd -tcpd" 3,676 kB

# qlist openldap

# emerge --info
Hmmm...
After I moved the following code from pkg_postinst() to src_install(), the self-signed certificate is installed into /etc/openldap/ssl:

	if ! use minimal ; then
		if use ssl; then
			insinto /etc/openldap/ssl
			docert ldap
			ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
			ewarn "add 'TLS_REQCERT never' if you want to use them."
		fi
	fi
The permissions for the certificate/key were wrong and my openldap server could not be started, so I did:

	if use ssl; then
		insinto /etc/openldap/ssl
		docert ldap
		fowners ldap:ldap /etc/openldap/ssl/ldap.{key,pem}
		ewarn "Self-signed SSL certificates are treated harshly by OpenLDAP 2.[12]"
		ewarn "add 'TLS_REQCERT never' if you want to use them."
	fi
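Since the fix above hinges on the installed certificate and key existing and being owned by the slapd user, here is an added post-install check (not code from the bug thread or the ebuild). It assumes GNU stat(1), takes the expected owner as numeric uid:gid, and the scratch directory it creates is a constructed stand-in for /etc/openldap/ssl.

```shell
#!/bin/sh
# Added example, not from the ebuild: verify that ldap.pem and ldap.key are
# present under a directory, owned by the expected uid:gid, and that the
# private key is not readable by group or others. Assumes GNU stat(1); the
# owner is passed numerically (e.g. "$(id -u ldap):$(id -g ldap)").

check_ldap_ssl_dir() {
    dir=$1     # directory the ebuild installs into, e.g. /etc/openldap/ssl
    owner=$2   # expected numeric "uid:gid"
    rc=0
    for f in ldap.pem ldap.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            rc=1
            continue
        fi
        have=$(stat -c '%u:%g' "$dir/$f")
        if [ "$have" != "$owner" ]; then
            echo "wrong owner on $dir/$f: $have (want $owner)" >&2
            rc=1
        fi
    done
    if [ -f "$dir/ldap.key" ]; then
        case $(stat -c '%a' "$dir/ldap.key") in
            400|600) ;;   # owner-only access is what a private key needs
            *) echo "ldap.key is readable by group/others" >&2; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed fixture: a scratch directory standing in for /etc/openldap/ssl,
# owned by the current user rather than ldap so this runs without root.
demo=$(mktemp -d)
me="$(id -u):$(id -g)"
printf 'constructed cert\n' > "$demo/ldap.pem"
printf 'constructed key\n' > "$demo/ldap.key"
chmod 644 "$demo/ldap.key"
if check_ldap_ssl_dir "$demo" "$me"; then
    echo "unexpected: check passed with a world-readable key"
else
    echo "check failed as expected: key mode 644"
fi
chmod 600 "$demo/ldap.key"
check_ldap_ssl_dir "$demo" "$me" && echo "check passed after chmod 600"
rm -rf "$demo"
```

Run it against the real directory as `check_ldap_ssl_dir /etc/openldap/ssl "$(id -u ldap):$(id -g ldap)"` after emerging to confirm the files landed with the ownership the fowners line sets.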
Fixed in 2.3.34-r1 :=) thanks for reporting