Bug#416272: [Pkg-openldap-devel] Bug#416272: Bug#416272: slapd -distributional script not working

[Mgr. Peter Tuharsky]

I ran the slapd botw ways suggested by the error.

Here are the logs:
First (shorter one):
Jul 30 05:40:04 ldap1 slapd[12723]: @(#) $OpenLDAP: slapd 2.3.30 (Dec 12 
2006 22:14:39) $ 
[EMAIL PROTECTED]:/tmp/buildd/openldap2.3-2.3.30/debian/build/servers/slapd
Jul 30 05:40:06 ldap1 slapd[12723]: main: TLS init def ctx failed: -1
Jul 30 05:40:06 ldap1 slapd[12723]: slapd stopped.
Jul 30 05:40:06 ldap1 slapd[12723]: connections_destroy: nothing to 
destroy.




Second (longer one):
Jul 30 05:38:00 ldap1 slapd[12700]: @(#) $OpenLDAP: slapd 2.3.30 (Dec 12 
2006 22:14:39) $ 
[EMAIL PROTECTED]:/tmp/buildd/openldap2.3-2.3.30/debian/build/servers/slapd
Jul 30 05:38:00 ldap1 slapd[12700]: slapd starting
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 fd=11 ACCEPT from 
IP=10.2.2.2:39150 (IP=0.0.0.0:389)
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=0 STARTTLS
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=0 RESULT oid= err=0 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 fd=11 TLS established 
tls_ssf=128 ssf=128
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=1 BIND 
dn="cn=manager,dc=misbb,dc=sk" method=128
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=1 BIND 
dn="cn=Manager,dc=misbb,dc=sk" mech=SIMPLE ssf=0
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=1 RESULT tag=97 err=0 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=2 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=2 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=2 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=3 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=3 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=3 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=4 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=4 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=4 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=5 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=5 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=5 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=6 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=6 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=6 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=7 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=7 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=7 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=8 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=8 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=8 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=9 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=9 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:00 ldap1 slapd[12700]: conn=0 op=9 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 fd=14 ACCEPT from 
IP=10.2.2.2:39152 (IP=0.0.0.0:389)
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=0 STARTTLS
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=0 RESULT oid= err=0 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 fd=14 TLS established 
tls_ssf=128 ssf=128
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=1 BIND 
dn="cn=manager,dc=misbb,dc=sk" method=128
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=1 BIND 
dn="cn=Manager,dc=misbb,dc=sk" mech=SIMPLE ssf=0
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=1 RESULT tag=97 err=0 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=2 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=2 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=2 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=3 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=3 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=3 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=4 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=4 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=4 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=5 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=5 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=5 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=6 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=6 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=6 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=7 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=7 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=7 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=8 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=8 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=8 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=9 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=shadowAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=9 SRCH attr=uid 
userPassword shadowLastChange shadowMax shadowMin shadowWarning 
shadowInactive shadowExpire shadowFlag
Jul 30 05:38:05 ldap1 slapd[12700]: conn=1 op=9 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 fd=15 ACCEPT from 
IP=10.2.2.2:39153 (IP=0.0.0.0:389)
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=0 STARTTLS
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=0 RESULT oid= err=0 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 fd=15 TLS established 
tls_ssf=128 ssf=128
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=1 BIND 
dn="cn=manager,dc=misbb,dc=sk" method=128
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=1 BIND 
dn="cn=Manager,dc=misbb,dc=sk" mech=SIMPLE ssf=0
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=1 RESULT tag=97 err=0 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=2 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=2 SRCH attr=uid 
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos 
description objectClass
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=2 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=3 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=lorencova))"
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=3 SEARCH RESULT tag=101 
err=0 nentries=1 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=4 SRCH 
base="ou=Group,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(|(memberUid=lorencova)(uniqueMember=uid=lorencova,ou=people,dc=misbb,dc=sk)))" 

Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=4 SRCH attr=gidNumber
Jul 30 05:38:05 ldap1 slapd[12700]: <= bdb_equality_candidates: 
(memberUid) index_param failed (18)
Jul 30 05:38:05 ldap1 slapd[12700]: <= bdb_equality_candidates: 
(uniqueMember) index_param failed (18)
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=4 SEARCH RESULT tag=101 
err=0 nentries=2 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=5 SRCH 
base="ou=Group,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(uniqueMember=cn=domainusers,ou=group,dc=misbb,dc=sk))" 

Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=5 SRCH attr=gidNumber
Jul 30 05:38:05 ldap1 slapd[12700]: <= bdb_equality_candidates: 
(uniqueMember) index_param failed (18)
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 op=5 SEARCH RESULT tag=101 
err=0 nentries=0 text=
Jul 30 05:38:05 ldap1 slapd[12700]: conn=2 fd=15 closed (connection lost)
Jul 30 05:38:22 ldap1 slapd[12700]: conn=3 fd=15 ACCEPT from 
IP=127.0.0.1:48682 (IP=0.0.0.0:389)
Jul 30 05:38:22 ldap1 slapd[12700]: conn=3 op=0 BIND 
dn="cn=manager,dc=misbb,dc=sk" method=128
Jul 30 05:38:22 ldap1 slapd[12700]: conn=3 op=0 BIND 
dn="cn=Manager,dc=misbb,dc=sk" mech=SIMPLE ssf=0
Jul 30 05:38:22 ldap1 slapd[12700]: conn=3 op=0 RESULT tag=97 err=0 text=
Jul 30 05:38:22 ldap1 slapd[12700]: conn=3 op=1 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 filter="(uid=root)"
Jul 30 05:38:22 ldap1 slapd[12700]: conn=3 op=1 SEARCH RESULT tag=101 
err=0 nentries=0 text=
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 fd=16 ACCEPT from 
IP=127.0.0.1:48683 (IP=0.0.0.0:389)
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=0 BIND 
dn="cn=manager,dc=misbb,dc=sk" method=128
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=0 BIND 
dn="cn=Manager,dc=misbb,dc=sk" mech=SIMPLE ssf=0
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=0 RESULT tag=97 err=0 text=
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=1 SRCH 
base="ou=People,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=root))"
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=1 SEARCH RESULT tag=101 
err=0 nentries=0 text=
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=2 SRCH 
base="ou=Group,dc=misbb,dc=sk" scope=1 deref=0 
filter="(&(objectClass=posixGroup)(memberUid=root))"
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=2 SRCH attr=gidNumber
Jul 30 05:38:22 ldap1 slapd[12700]: <= bdb_equality_candidates: 
(memberUid) index_param failed (18)
Jul 30 05:38:22 ldap1 slapd[12700]: conn=4 op=2 SEARCH RESULT tag=101 
err=0 nentries=0 text=
Jul 30 05:38:35 ldap1 slapd[12700]: daemon: shutdown requested and 
initiated.
Jul 30 05:38:35 ldap1 slapd[12700]: conn=0 fd=11 closed (slapd shutdown)
Jul 30 05:38:35 ldap1 slapd[12700]: conn=1 fd=14 closed (slapd shutdown)
Jul 30 05:38:35 ldap1 slapd[12700]: conn=3 fd=15 closed (slapd shutdown)
Jul 30 05:38:35 ldap1 slapd[12700]: conn=4 fd=16 closed (slapd shutdown)
Jul 30 05:38:35 ldap1 slapd[12700]: slapd shutdown: waiting for 0 
threads to terminate
Jul 30 05:38:35 ldap1 slapd[12700]: slapd stopped.



From the first log seems like TLS error somehow.
I'll examine the certificate file permissions and let You know.

Peter



Quanah Gibson-Mount  wrote / napísal(a):
--On Tuesday, June 26, 2007 11:27 PM -0700 Russ Allbery <[EMAIL PROTECTED]> 
wrote:

retitle 416272 slapd: error "main: TLS init def ctx failed: -1" on start
tags 416272 -unreproducible
thanks

Mgr Peter Tuharsky <[EMAIL PROTECTED]> writes:

Hi,

I tested the script again with NO success.
slapd version: 2.3.30-2

I set the ownership of /var/lib/ldap files to openldap.openldap, start
(as root) using
cd /etc/init.d
./slapd start

however the distributional script just displays error and dosen't start
the slapd at all:

Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Sounds like the init script is working just fine; your server either 
has a
configuration problem or something else is preventing TLS initialization
from succeeding.

The error here indicates user error in configuring TLS in slapd.conf, 
and is not indicative of an error in the script.  Generally, check that 
all paths to the certs referenced are correct, and that the slapd user 
has permissions to read them.

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration


--
Odchádzajúca správa neobsahuje vírusy, nepoužívam Windows.
=======================

Mgr. Peter Tuhársky
Referát informatiky
Mesto Banská Bystrica
ČSA 26
975 39 Banská Bystrica

Tel: +421 48 4330 118
Fax: +421 48 411 3575

=======================