7

slapd 2.4.23 hangs on ldaps connections

view full story
linux-howto

http://serverfault.com – New install of CentOS 6.3, openldap-servers-2.4.23. Generated a new certificate request, signed the cert, started slapd. ldapsearch responds on ldapi:/// and ldap:///. However, as soon as a request is made on ldaps:///, the slapd process consumes all available CPU and never responds. strace -p -ff yields the following results, in an infinite loop: [pid 5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21 [pid 5978] stat("/etc/openldap/certs/server.key", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0 [pid 5978] read(21, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 1704) = 1704 [pid 59 (HowTos)

taskli's picture
Submitted by taskli on 01/23/2013 – Made popular on 01/23/2013

Stories similar to slapd 2.4.23 hangs on ldaps connections

I'm using SLED-11 SP2 32 bit, & I'm able to compile & start the slapd on my system.

I've configured a second host to replicate the main LDAP server via syncrepl in the slapd.conf:

syncrepl rid=666 provider=ldaps://my-main-server.com type=refreshAndPersist searchBase="dc=Staff,dc=my-main-server,dc=com" filter="(objectClass=*)" scope=sub schemachecking=off bindmethod=simple binddn="cn=repadmin,dc=my-main-serve

We went through the steps of revoking an SSL Certificate used by our OpenLDAP server and renewing it but we are unable to start slapd.

Here are the commands we used:

openssl verify hostname_domain_com_cert.pem

We got back that the certificate was expired but "OK"

We revoked the certificate we'd been using:

openssl ca -revoke /etc/ssl/certs/hostname_domain_com_cert.pem

Revoking worked

I have just installed fresh Centos 6.2 with openldap and samba with yum command. I'm having a bit of issue with finding the slapd.conf file. There is a folder for slap.d/ but no conf file in it by default. I can see folders

cacerts schema sldap.d

and ldap.conf file.

I have also checked in Fedora 15 and found same situation taht there is no slapd.conf file. So now where to start ?

LDAP Berkeley DB 41 weeks 5 days ago

I'm trying to configure slapd on my machine and I keep getting this error. I can recover at times using db7.7_recover but not always. I see this problem if the slapd deamon is killed for any reason.

Isn't a DB supposed to be able to take care of these failures?

am using Centos 5.3 to configure my openldap server.Every thing is going ok .The problem which I am facing is how to add users and group in my ldap server.

1- My slapd.conf is

vi /etc/openldap/slapd.conf

database bdb

suffix "dc=test,dc=local"

rootdn "cn=Manager,dc=test,dc=local"

rootpw 123

2- Now I start my LDAP service

[root@srv1 openldap]# servic

Hi M trying to install sendmail server on rhel6.i am having problem in setting up openldap. Please help

regards Mukesh following is slapd.conf

# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. #

include /etc/openldap/schema/corba.schema include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openlda

# LDAPTLS_CACERTDIR=/etc/ssl/certs/ ldapwhoami -x -ZZ -H ldaps://ldap.domain.tld ldap_start_tls: Can't contact LDAP server (-1) additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

# openssl s_client -connect ldap.domain.tld:636 -CApath /etc/ssl/certs <...

hi,

I am using Fedora 12 to configure my openldap server in a non production enviroment .Every thing is going ok .The problem which I am facing is how to add users and group in my ldap server.

1- My slapd.conf is # vi /etc/openldap/slapd.conf

database bdb

suffix "dc=test,dc=local"

rootdn "cn=Manager,dc=test,dc=local"

rootpw 123

2- Now I start