From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050422 Red Hat/1.7.7-1.4.2 Description of problem: installing pristine rhel4-u1 ldap server fails to start output in log: Jun 11 22:19:42 srv142 slaptest: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Jun 11 22:19:42 srv142 slaptest: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Jun 11 22:19:42 srv142 ldap: succeeded Jun 11 22:19:42 srv142 slapd[3403]: @(#) $OpenLDAP: slapd 2.2.13 (Aug 19 2004 21:22:15) $ root.redhat.com:/usr/src/build/440386-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd Jun 11 22:19:42 srv142 slapd[3403]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Jun 11 22:19:42 srv142 slapd[3403]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Jun 11 22:19:42 srv142 slapd[3403]: main: TLS init def ctx failed: -1 Jun 11 22:19:42 srv142 slapd[3403]: slapd stopped. Jun 11 22:19:42 srv142 slapd[3403]: connections_destroy: nothing to destroy. Jun 11 22:19:42 srv142 ldap: slapd startup failed Version-Release number of selected component (if applicable): openldap 2.2.13-2 How reproducible: Always Steps to Reproduce: my slapd.conf: # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/redhat/autofs.schema # extras include /etc/openldap/schema/samba.schema database ldbm directory /var/lib/ldap suffix "dc=cid,dc=net" rootdn "cn=root,dc=cid,dc=net" rootpw secret cachesize 100000 dbcachesize 1000000 sizelimit 100 timelimit 360 #loglevel 0 pidfile /var/run/slapd.pid argsfile /var/run/slapd/slapd.args index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUID eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub Expected Results: when installing previous rhel4: no problem Additional info:
Hi, I guess you should remove "TLS_CACERTDIR /etc/openldap/cacerts" from /etc/openldap/ldap.conf. It may resolve your problem. The behaviour of nss_ldap was changed from nss_ldap-226-1 to nss_ldap-226-6.
This appears to be caused by authconfig, which is adding the TLS_CACERTDIR setting to the system ldap.conf, even though the directory it references does not exist.
Authconfig probably shouldn't add this config directive to ldap.conf if TLS is not on, however the directory should be a part of openldap package anyway. This directory should be probably created anyway because already broken configurations cannot be fixed by simple authconfig upgrade.
Also see bug 159151 - basically a duplicate.
This will be fixed also in authconfig in the next RHEL release. (Already fixed in Fedora Core development.)