I was following an Ubuntu howto at
https://help.ubuntu.com/12.04/serverguide/openldap-server.html, which has
served me well so far, and I was working on the part where TLS is set up.

I made an ldif file like:

dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/grackle_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/grackle_slapd_key.pem


and, well, I blew it. I initially had a typo in it, and the server cert
and key weren't where I said they were.

I ran ldapmodify to load the ldif file above:

ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif


Then I tried to restart slapd, and perhaps unsurprisingly it did not
restart.

Aug  8 16:41:30 grackle slapd[1660]: @(#) $OpenLDAP: slapd  (Jul 26 2012 00:10:41) $#012#011buildd@aatxe:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
Aug  8 16:41:30 grackle slapd[1660]: main: TLS init def ctx failed: -1
Aug  8 16:41:30 grackle slapd[1660]: slapd stopped.
Aug  8 16:41:30 grackle slapd[1660]: connections_destroy: nothing to destroy.


So I thought I'd just fix my ldif file, which I did, and then run ldapmodify
again.  But no, that clearly wasn't going to work because slapd wasn't
running.  Not knowing what else to do, I removed the lines containing
"olcTLS" from /etc/ldap/slapd.d/cn=config.ldif.  Then I was able to restart
slapd (congratulating myself) and then re-ran my ldapmodify command to
enter the correct locations of the cert and key.  But I still get a
checksum error in syslog:

Aug  8 17:04:53 grackle slapd[2028]: slapd starting
Aug  8 17:05:01 grackle slapd[2028]: ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config.ldif"


I haven't even tried to see if I have TLS working, but I have two questions:

#1.  How should I have recovered from this (human) error?  What I did
didn't seem to work out very well.

and

#2.  How do I un-screw my config and resolve the checksum problem?

Thanks in advance for any assistance.

-- 
Jeff Dickens
IT Manager      978-632-1513

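An added pre-flight check for the two failures in this thread, not code from the post or from OpenLDAP: before ldapmodify touches cn=config it verifies that every olcTLS*File path exists, looks like PEM and (for the key) is not world-readable, and it recomputes the CRC32 header that slapd writes into slapd.d files, which is what the hand edit of cn=config.ldif invalidated. It assumes the CRC covers every byte after the `# CRC32` line; the sample record, paths and file contents below are constructed, and the `root` parameter exists only so the check can run against a copy of the tree.

```python
import os
import re
import stat
import zlib

SAMPLE_LDIF = """dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/grackle_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/grackle_slapd_key.pem
"""  # constructed copy of the post's modify record, used as sample input

PEM_MARKERS = {  # attribute -> marker the referenced file must contain
    "olcTLSCACertificateFile": b"-----BEGIN CERTIFICATE-----",
    "olcTLSCertificateFile": b"-----BEGIN CERTIFICATE-----",
    "olcTLSCertificateKeyFile": b"PRIVATE KEY-----",
}

def tls_preflight(ldif_text, root="/"):
    """Check every olcTLS*File path in a modify record before ldapmodify runs;
    paths resolve under `root`. Returns the problems found (empty list = OK)."""
    problems = []
    for attr, shown in re.findall(r"^(olcTLS\w+File):\s*(\S+)$", ldif_text, re.M):
        marker = PEM_MARKERS.get(attr, b"-----BEGIN ")
        path = os.path.join(root, shown.lstrip("/"))
        if not os.path.isfile(path):
            problems.append("%s: %s does not exist" % (attr, shown))
            continue
        with open(path, "rb") as f:
            head = f.read(4096)
        if marker not in head:
            problems.append("%s: %s lacks PEM marker %r" % (attr, shown, marker))
        if attr == "olcTLSCertificateKeyFile" and os.stat(path).st_mode & stat.S_IROTH:
            problems.append("%s: %s is world-readable" % (attr, shown))
    return problems

def check_slapd_crc(path):
    """Recheck the '# CRC32 xxxxxxxx' header slapd writes into slapd.d files; assumes
    the CRC covers every byte after that line. None = no header, slapd skips check."""
    with open(path, "rb") as f:
        data = f.read()
    m = re.search(rb"^# CRC32 ([0-9a-f]{8})\r?\n", data, re.M)
    if not m:
        return None
    return int(m.group(1), 16) == (zlib.crc32(data[m.end():]) & 0xFFFFFFFF)
```

Run `tls_preflight` on the ldif before every ldapmodify against cn=config; a non-empty list is the signal to fix paths first, so slapd never reads a config that makes its TLS init fail.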