Bug 160150 – ldap server does no start

Bug 160150 - ldap server does no start

Summary:	ldap server does no start

Status:	CLOSED NEXTRELEASE

Aliases:	None

Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	authconfig (Show other bugs)
Sub Component:
Version:	4.0
Hardware:	i386 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:

URL:	none
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-06-11 18:26 EDT by misteros2
Modified:	2007-11-30 17:07 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-10-12 13:53:11 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description misteros2 2005-06-11 18:26:51 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050422 Red Hat/1.7.7-1.4.2

Description of problem:
installing pristine rhel4-u1
ldap server fails to start
output in log:
Jun 11 22:19:42 srv142 slaptest: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December
3, 2003)
Jun 11 22:19:42 srv142 slaptest: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December
3, 2003)
Jun 11 22:19:42 srv142 ldap:  succeeded
Jun 11 22:19:42 srv142 slapd[3403]: @(#) $OpenLDAP: slapd 2.2.13 (Aug 19 2004 21:22:15) $       root@porky.build.redhat.com:/usr/src/build/440386-i386/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
Jun 11 22:19:42 srv142 slapd[3403]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Jun 11 22:19:42 srv142 slapd[3403]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Jun 11 22:19:42 srv142 slapd[3403]: main: TLS init def ctx failed: -1
Jun 11 22:19:42 srv142 slapd[3403]: slapd stopped.
Jun 11 22:19:42 srv142 slapd[3403]: connections_destroy: nothing to destroy.
Jun 11 22:19:42 srv142 ldap: slapd startup failed


Version-Release number of selected component (if applicable):
openldap 2.2.13-2

How reproducible:
Always

Steps to Reproduce:
my slapd.conf:

  #
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/redhat/autofs.schema
# extras
include         /etc/openldap/schema/samba.schema

database        ldbm
directory       /var/lib/ldap

suffix          "dc=cid,dc=net"
rootdn          "cn=root,dc=cid,dc=net"
rootpw          secret 

cachesize       100000
dbcachesize     1000000
sizelimit       100
timelimit       360
#loglevel        0

pidfile /var/run/slapd.pid
argsfile /var/run/slapd/slapd.args

index   objectClass             eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     pres,sub,eq
index   displayName             pres,sub,eq
index   uidNumber               eq
index   gidNumber               eq
index   memberUID               eq
index   sambaSID                eq
index   sambaPrimaryGroupSID    eq
index   sambaDomainName         eq
index   default                 sub


Expected Results:  when installing previous rhel4: no problem

Additional info:

Comment 1 Yasuma Takeda 2005-07-19 07:50:09 EDT

Hi,

I guess you should remove "TLS_CACERTDIR /etc/openldap/cacerts" from
/etc/openldap/ldap.conf.
It may resolve your problem.

The behaviour of nss_ldap was changed from nss_ldap-226-1 to nss_ldap-226-6.

Comment 2 Joe Orton 2005-08-04 07:54:37 EDT

This appears to be caused by authconfig, which is adding the TLS_CACERTDIR
setting to the system ldap.conf, even though the directory it references does
not exist.

Comment 4 Tomas Mraz 2005-08-04 09:17:49 EDT

Authconfig probably shouldn't add this config directive to ldap.conf if TLS is
not on, however the directory should be a part of openldap package anyway. This
directory should be probably created anyway because already broken
configurations cannot be fixed by simple authconfig upgrade.

Comment 5 Tomas Mraz 2005-08-04 09:49:55 EDT

Also see bug 159151 - basically a duplicate.

Comment 8 Tomas Mraz 2005-10-12 13:53:11 EDT

This will be fixed also in authconfig in the next RHEL release. (Already fixed
in Fedora Core development.)

Note You need to log in before you can comment on or make changes to this bug.