Hello,
I have managed to start the migrated LDAP server on Rocky 9, v2.6.9 LTB.
It seems to be working fine but, I cannot connect over ssl (ldaps, port
636).
I am trying to connect with Apache Directory Studio but it fails,
although I am using the same certificate as on the orignal server (the
cert covers both server names).
I have enabled conns logging on the server and I see connection coming
in, but for some reason it fails (input error=-2):
Could you please guide me to troubleshoot this?
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1
descriptor May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
activity on: May 21 11:19:14 ldap1.noa.gr slapd[17512]: May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=8 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 busy May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=11 active_threads=0 tvp=NULL *May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: accept() = 14* May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on: May 21
11:19:14 ldap1.noa.gr slapd[17512]: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=9 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=11 active_threads=0 tvp=NULL *May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: listen=9, new connection on 14 May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: added 14r (active)
listener=(nil)* May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
activity on 1 descriptor May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: activity on: May 21 11:19:14 ldap1.noa.gr slapd[17512]: May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=8 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=10 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 ACCEPT
from IP=195.251.xxx.xxx:51334 (IP=0.0.0.0:636)* May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on: May 21
11:19:14 ldap1.noa.gr slapd[17512]: 14r May 21 11:19:14
ldap1.noa.gr slapd[17512]: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: read active on 14 May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=9 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=11 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: activity on 1 descriptor May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: activity on: May 21 11:19:14
ldap1.noa.gr slapd[17512]: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=9 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=11 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: activity on 1 descriptor May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: activity on: May 21 11:19:14
ldap1.noa.gr slapd[17512]: 14r May 21 11:19:14 ldap1.noa.gr
slapd[17512]: May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
read active on 14 May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
epoll: listen=7 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=9 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: activity on 1 descriptor May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: activity on: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
epoll: listen=7 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=9 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: activity on 1 descriptor May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: activity on: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: 14r May 21 11:19:14 ldap1.noa.gr slapd[17512]: May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14 May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=8 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=10 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=8 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=10 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 TLS
established tls_ssf=256 ssf=256 tls_proto=TLSv1.3
tls_cipher=TLS_AES_256_GCM_SHA384* May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: activity on 1 descriptor May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: activity on: May 21 11:19:14
ldap1.noa.gr slapd[17512]: 14r May 21 11:19:14 ldap1.noa.gr
slapd[17512]: May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
read active on 14 May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
epoll: listen=7 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=9 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: activity on 1 descriptor May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: activity on: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon:
epoll: listen=7 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=9 active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11
active_threads=0 tvp=NULL *May 21 11:19:14 ldap1.noa.gr
slapd[17512]: conn=1002 op=0 BIND
dn="uid=userx,ou=people,dc=noa,dc=gr" method=128 May 21 11:19:14
ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND
dn="uid=userx,ou=people,dc=noa,dc=gr" mech=SIMPLE bind_ssf=0 ssf=256
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 RESULT
tag=97 err=0 qtime=0.000034 etime=0.000475 text=* May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor May 21
11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on: May 21
11:19:14 ldap1.noa.gr slapd[17512]: May 21 11:19:14 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL May
21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8
active_threads=0 tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=9 active_threads=0 tvp=NULL May 21 11:19:14
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0
tvp=NULL May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=11 active_threads=0 tvp=NULL May 21 11:19:44 ldap1.noa.gr
slapd[17512]: daemon: activity on 1 descriptor May 21 11:19:44
ldap1.noa.gr slapd[17512]: daemon: activity on: May 21 11:19:44
ldap1.noa.gr slapd[17512]: 14r May 21 11:19:44 ldap1.noa.gr
slapd[17512]: May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon:
read active on 14 May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon:
epoll: listen=7 active_threads=0 tvp=NULL May 21 11:19:44
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0
tvp=NULL May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=9 active_threads=0 tvp=NULL May 21 11:19:44 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL May
21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11
active_threads=0 tvp=NULL *May 21 11:19:44 ldap1.noa.gr
slapd[17512]: connection_read(14): input error=-2 id=1002, closing.
May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_closing:
readying conn=1002 sd=14 for close May 21 11:19:44 ldap1.noa.gr
slapd[17512]: daemon: removing 14 May 21 11:19:44 ldap1.noa.gr
slapd[17512]: conn=1002 fd=14 closed (connection lost)*May 21
11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on: May
21 11:19:44 ldap1.noa.gr slapd[17512]: May 21 11:19:44 ldap1.noa.gr
slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL May
21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8
active_threads=0 tvp=NULL May 21 11:19:44 ldap1.noa.gr slapd[17512]:
daemon: epoll: listen=9 active_threads=0 tvp=NULL May 21 11:19:44
ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0
tvp=NULL May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll:
listen=11 active_threads=0 tvp=NULL
I have tried removing the olcTLSCipherSuite attribute, but it won't work
anyway.
As a side note, I see that logging is directed to the journal. Could I
redirect it to a file instead? I have set olcLogFile, but logging is
directed to the journal nevertheless.
Thanks a lot,
Nick
