| Summary: | OpenLDAP won't start with SSL/TLS | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Pupeno <pupeno> |
| Component: | [OLD] Server | Assignee: | Robin Johnson <robbat2> |
| Status: | RESOLVED INVALID | | |
| Severity: | major | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Pupeno
2005-03-12 23:55:14 UTC
Hi Pupeno,

This error is a SASL error, not an SSL error. I don't use SASL myself (just plain SSL). The error:

```
Mar 10 16:56:13 master slapd[6814]: sql_select option missing
Mar 10 16:56:13 master slapd[6814]: auxpropfunc error no mechanism available
Mar 10 16:56:13 master slapd[6814]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
```

Suggests to me that your SASL is misconfigured/broken, as it appears to be doing something with SQL.

Yes, there are SASL errors, but I ignored them since I'm not trying to use SASL. There's no SASL-related configuration on openldap and the rest of the SASL-configuration is the default one shipped with Gentoo. I'm not running saslauthd either. What might be causing the error then?

Note, while this is the error that I get in a TLS/SSL failed start up:

```
Mar 13 14:04:24 master slapd[8935]: sql_select option missing
Mar 13 14:04:24 master slapd[8935]: auxpropfunc error no mechanism available
Mar 13 14:04:24 master slapd[8935]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Mar 13 14:04:24 master slapd[8935]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Mar 13 14:04:24 master slapd[8935]: bdb_db_init: Initializing BDB database
Mar 13 14:04:24 master slapd[8935]: main: TLS init def ctx failed: -1
Mar 13 14:04:24 master slapd[8935]: slapd stopped.
Mar 13 14:04:24 master slapd[8935]: connections_destroy: nothing to destroy.
```

this is what I got in a non-SSL/TLS successful start up:

```
Mar 13 14:02:11 master slapd[8851]: sql_select option missing
Mar 13 14:02:11 master slapd[8851]: auxpropfunc error no mechanism available
Mar 13 14:02:11 master slapd[8851]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Mar 13 14:02:11 master slapd[8851]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
Mar 13 14:02:11 master slapd[8851]: bdb_db_init: Initializing BDB database
Mar 13 14:02:11 master slapd[8852]: slapd starting
```

I've touched the configurations as little as possible. This is happening with the out-of-the-box Gentoo configuration.

Firstly, go and compile openldap with USE=-sasl (via /etc/portage/package.use) then run '/usr/lib/openldap/slapd -u ldap -g ldap -d 65535' to get a more detailed error log, and attach that here.

I've run slapd with your command, and I've analyzed the output. It said it didn't have access to the file. I've checked and re-checked, I was sure it was ok, but, I was missing execute privileges in the directory where the certificates are. It was my mistake and I'm sorry for all the trouble.

Anyway, I'll submit this bug to the OpenLDAP devs, showing this error line:

```
TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:278
```

would have been much better than showing this error line:

```
main: TLS init def ctx failed: -1
```

Thank you. I think you can now close this bug report.

Thanks, marking as invalid since it isn't a bug in openldap (beyond the useless error message).
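The root cause found in this thread, a directory on the certificate path without execute (search) permission for the account slapd runs as, can be checked component by component. The following is an added example, not part of the original bug report or of OpenLDAP; it assumes GNU stat, and the function names `perm_digit` and `first_blocked` and the certificate path are hypothetical.

```shell
# Added example. Evaluates classic mode bits only: ACLs, capabilities and
# MAC policy are ignored. Requires GNU stat (-c).

# perm_digit UID "GID GID ..." PATH
# Prints the rwx digit (0-7) that applies to that identity on PATH.
perm_digit() {
    pd_stat=$(stat -c '%a %u %g' -- "$3") || return 2
    pd_mode=${pd_stat%% *}; pd_rest=${pd_stat#* }
    pd_owner=${pd_rest% *}; pd_group=${pd_rest#* }
    pd_mode=$((pd_mode % 1000))            # drop setuid/setgid/sticky digit
    if [ "$1" -eq "$pd_owner" ]; then      # owner match: only owner bits count
        echo $((pd_mode / 100)); return 0
    fi
    for pd_g in $2; do
        if [ "$pd_g" -eq "$pd_group" ]; then
            echo $((pd_mode / 10 % 10)); return 0
        fi
    done
    echo $((pd_mode % 10))
}

# first_blocked UID "GID GID ..." /absolute/path/to/file
# Walks from / down to the file. Every directory needs search (x), the file
# needs read (r). Prints the first failing component and returns 1; prints
# nothing and returns 0 when the whole chain is usable.
first_blocked() {
    case $3 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    fb_path=$3; fb_chain=
    while :; do                            # build the chain, root first
        fb_chain="$fb_path
$fb_chain"
        if [ "$fb_path" = / ]; then break; fi
        fb_path=$(dirname -- "$fb_path")
    done
    while IFS= read -r fb_p; do
        [ -n "$fb_p" ] || continue
        fb_bits=$(perm_digit "$1" "$2" "$fb_p") || return 2
        if [ "$fb_p" = "$3" ]; then fb_need=4; else fb_need=1; fi
        if [ $((fb_bits & fb_need)) -eq 0 ]; then
            echo "$fb_p"; return 1
        fi
    done <<EOF
$fb_chain
EOF
    return 0
}
# For the ldap account used on this page (certificate path is a placeholder):
#   first_blocked "$(id -u ldap)" "$(id -G ldap)" /path/to/cert.pem
```

Run it for the unprivileged account slapd drops to, not for root, since root bypasses these mode bits.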