Bug 49126 - Adding SSL to slapd.conf makes daemon startup impossible
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: openldap
Version: 7.1
Hardware: i386 Linux
Priority: medium
Severity: medium
Assigned To: Jay Fenlason
QA Contact: Aaron Brown
Reported: 2001-07-14 10:58 EDT by Graham Leggett
Modified: 2014-08-31 19:24 EDT
Doc Type: Bug Fix
Last Closed: 2006-10-18 12:52:02 EDT
Description Graham Leggett 2001-07-14 10:58:43 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.73 [en] (X11; I; Linux 2.4.6 ppc)

Description of problem:
Given a configured non-SSL slapd installation, adding an SSL certificate
causes the slapd daemon not to start up - without logging any message as to
why this is the case.


How reproducible:
Always

Steps to Reproduce:
- Create a working slapd configuration.
- Demonstrate that it starts up without a problem.
- Add a line TLSCertificateFile <valid cert file>
- Try to start up again - this fails.


Actual Results:  A log of startup with no SSL (loglevel 65535):

Jul 14 09:48:18 chandler slapd[26263]: line 26 (pidfile^I^I/var/run/slapd.pid)
Jul 14 09:48:18 chandler slapd[26263]: line 27 (argsfile^I/var/run/slapd.args)
Jul 14 09:48:18 chandler slapd[26263]: line 46 (database^Ildbm)
Jul 14 09:48:18 chandler slapd[26263]: line 47 (suffix^I^I"dc=xxxxxx, dc=xxxx")
Jul 14 09:48:18 chandler slapd[26263]: line 50 (rootdn^I^I"cn=Directory Administrator, dc=xxxxx, dc=xxxxx")
Jul 14 09:48:18 chandler slapd[26263]: line 55 (rootpw^I^Ixxxxxxxx)
Jul 14 09:48:18 chandler slapd[26263]: line 59 (directory^I/var/lib/ldap/xxxxx)
Jul 14 09:48:18 chandler slapd[26263]: line 62 (index^IobjectClass,uid,uidNumber,gidNumber^Ieq)
Jul 14 09:48:18 chandler slapd[26263]: index objectClass 0x0004
Jul 14 09:48:18 chandler slapd[26263]: index uid 0x0004
Jul 14 09:48:18 chandler slapd[26263]: index uidNumber 0x0004
Jul 14 09:48:18 chandler slapd[26263]: index gidNumber 0x0004
Jul 14 09:48:18 chandler slapd[26263]: line 63 (index^Icn,mail,surname,givenname^I^Ieq,subinitial)
Jul 14 09:48:18 chandler slapd[26263]: index cn 0x0114
Jul 14 09:48:18 chandler slapd[26263]: index mail 0x0114
Jul 14 09:48:18 chandler slapd[26263]: index sn 0x0114
Jul 14 09:48:18 chandler slapd[26263]: index givenName 0x0114
Jul 14 09:48:18 chandler slapd[26263]: line 75 (access to dn=".*,dc=xxxxx,dc=xxxxx" attr=userPassword^Iby self write^Iby anonymous auth^Iby dn="cn=Administrator,dc=xxxx,dc=xxxx" write^Iby * none)
Jul 14 09:48:18 chandler slapd[26263]: line 82 (access to dn=".*,ou=People,dc=xxxx,dc=xxxx" attr=mailMessageStore,attr=homeDirectory,attr=deliveryProgramPath,attr=qmailDotMode,attr=deliveryMode^Iby self none^Iby anonymous auth^Iby dn="cn=Administrator,dc=xxxxx,dc=xxxx" write^Iby dn="cn=Qmail,dc=xxxx,dc=xxxx" read^Iby * none)
Jul 14 09:48:18 chandler slapd[26263]: line 87 (access to dn="ou=People,dc=xxxxx,dc=xxxx"^Iby dn="cn=Administrator,dc=xxxxx,dc=xxxx" write^Iby dn="cn=Qmail,dc=xxxxxx,dc=xxxx" read^Iby * none)
Jul 14 09:48:18 chandler slapd[26263]: line 93 (access to dn=".*,ou=People,dc=xxxxx,dc=xxxx"^Iby self read^Iby dn="cn=Administrator,dc=xxxxx,dc=xxxx" write^Iby dn="cn=Qmail,dc=xxxxx,dc=xxxx" read^Iby * none)
Jul 14 09:48:18 chandler slapd[26264]: slapd startup: initiated.
Jul 14 09:48:18 chandler slapd[26264]: slapd starting
Jul 14 09:48:18 chandler slapd[26264]: daemon: added 6r
Jul 14 09:48:18 chandler slapd[26264]:daemon: select: listen=6 active_threads=0 tvp=NULL

A log of startup with SSL:

Jul 14 09:49:06 chandler slapd[26291]: line 26 (pidfile^I^I/var/run/slapd.pid)
Jul 14 09:49:06 chandler slapd[26291]: line 27 (argsfile^I/var/run/slapd.args)
Jul 14 09:49:06 chandler slapd[26291]: line 38 (TLSCertificateFile /var/qmail/control/cert.pem)
Jul 14 09:49:06 chandler slapd[26291]: line 46 (database^Ildbm)
Jul 14 09:49:06 chandler slapd[26291]: line 47 (suffix^I^I"dc=xxxxx, dc=xxxx")
Jul 14 09:49:06 chandler slapd[26291]: line 50 (rootdn^I^I"cn=Directory Administrator, dc=xxxxxx, dc=xxxx")
Jul 14 09:49:06 chandler slapd[26291]: line 55 (rootpw^I^Ixxxxxxxxxx)
Jul 14 09:49:06 chandler slapd[26291]: line 59 (directory^I/var/lib/ldap/xxxxxxxx)
Jul 14 09:49:06 chandler slapd[26291]: line 62 (index^IobjectClass,uid,uidNumber,gidNumber^Ieq)
Jul 14 09:49:06 chandler slapd[26291]: index objectClass 0x0004
Jul 14 09:49:06 chandler slapd[26291]: index uid 0x0004
Jul 14 09:49:06 chandler slapd[26291]: index uidNumber 0x0004
Jul 14 09:49:06 chandler slapd[26291]: index gidNumber 0x0004
Jul 14 09:49:06 chandler slapd[26291]: line 63 (index^Icn,mail,surname,givenname^I^Ieq,subinitial)
Jul 14 09:49:06 chandler slapd[26291]: index cn 0x0114
Jul 14 09:49:06 chandler slapd[26291]: index mail 0x0114
Jul 14 09:49:06 chandler slapd[26291]: index sn 0x0114
Jul 14 09:49:06 chandler slapd[26291]: index givenName 0x0114
Jul 14 09:49:06 chandler slapd[26291]: line 75 (access to dn=".*,dc=xxxxx,dc=xxxx" attr=userPassword^Iby self write^Iby anonymous auth^Iby dn="cn=Administrator,dc=xxxx,dc=xxxxx" write^Iby * none)
Jul 14 09:49:06 chandler slapd[26291]: line 82 (access to dn=".*,ou=People,dc=xxxxxx,dc=xxxx" attr=mailMessageStore,attr=homeDirectory,attr=deliveryProgramPath,attr=qmailDotMode,attr=deliveryMode^Iby self none^Iby anonymous auth^Iby dn="cn=Administrator,dc=xxxxx,dc=xxxx" write^Iby dn="cn=Qmail,dc=xxxxxx,dc=xxxx" read^Iby * none)
Jul 14 09:49:06 chandler slapd[26291]: line 87 (access to dn="ou=People,dc=xxxx,dc=xxxx"^Iby dn="cn=Administrator,dc=xxxxx,dc=xxxx" write^Iby dn="cn=Qmail,dc=xxxxx,dc=xxxx" read^Iby * none)
Jul 14 09:49:06 chandler slapd[26291]: line 93 (access to dn=".*,ou=People,dc=xxxxxx,dc=xxxx"^Iby self read^Iby dn="cn=Administrator,dc=xxxxx,dc=xxxx" write^Iby dn="cn=Qmail,dc=xxxxx,dc=xxxx" read^Iby * none)
Jul 14 09:49:06 chandler slapd[26291]: slapd shutdown: freeing system resources.
Jul 14 09:49:06 chandler slapd[26291]: slapd stopped.
Jul 14 09:49:06 chandler slapd[26291]: connections_destroy: nothing to destroy.


Additional info:
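
A triage sketch for the symptom in the report above, added here as an example and not part of the original bug or of OpenLDAP: it replays slapd syslog lines, separates startup attempts that reached "slapd starting" from ones that stopped straight after config parsing, and lists the TLS directives each attempt read. The function names and the abridged sample log are constructed for illustration; the matching assumes the message wording seen in the two excerpts.

```python
import re

# Constructed sample: abridged from the two syslog excerpts in the report above.
SAMPLE_LOG = """\
Jul 14 09:48:18 chandler slapd[26263]: line 26 (pidfile^I^I/var/run/slapd.pid)
Jul 14 09:48:18 chandler slapd[26263]: line 46 (database^Ildbm)
Jul 14 09:48:18 chandler slapd[26264]: slapd startup: initiated.
Jul 14 09:48:18 chandler slapd[26264]: slapd starting
Jul 14 09:49:06 chandler slapd[26291]: line 26 (pidfile^I^I/var/run/slapd.pid)
Jul 14 09:49:06 chandler slapd[26291]: line 38 (TLSCertificateFile /var/qmail/control/cert.pem)
Jul 14 09:49:06 chandler slapd[26291]: line 46 (database^Ildbm)
Jul 14 09:49:06 chandler slapd[26291]: slapd shutdown: freeing system resources.
Jul 14 09:49:06 chandler slapd[26291]: slapd stopped.
"""

SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[(\d+)\]:\s*(.*?)\s*$")
CONFIG = re.compile(r"^line (\d+) \((\S+)\s*(.*)\)$")


def triage_startups(log_text):
    """Return one record per slapd startup attempt found in syslog text."""
    runs, current = [], None
    for raw in log_text.splitlines():
        m = SYSLOG.match(raw)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        msg = msg.replace("^I", "\t")  # syslog writes tabs as the two characters ^I
        cfg = CONFIG.match(msg)
        if cfg:
            # A config line after a started or aborted attempt begins a new one.
            if current is None or current["state"] != "config":
                current = {"first_seen": stamp, "pid": pid, "state": "config", "tls": []}
                runs.append(current)
            if cfg.group(2).lower().startswith("tls"):
                current["tls"].append((int(cfg.group(1)), cfg.group(2), cfg.group(3)))
        elif current and msg == "slapd starting":
            # Logged by the forked child, so its PID differs from the parser's.
            current["state"] = "started"
        elif current and msg.startswith("slapd stopped") and current["state"] == "config":
            current["state"] = "aborted"  # stopped before it ever served requests
    return runs


def silent_tls_failures(log_text):
    """Attempts that parsed TLS directives and stopped without starting."""
    return [r for r in triage_startups(log_text) if r["state"] == "aborted" and r["tls"]]
```

On the sample, only the 09:49:06 attempt is flagged, with line 38 of slapd.conf as the TLS directive to inspect first.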
Comment 1 Pawel Salek 2001-08-13 06:07:58 EDT
I confirm this bug.

Additionally, SASL authentication (CRAM-MD5) does not work when slapd runs as
ldap. I could make it work only when running slapd as root. (Let me know if this
should be opened as a separate report, or if additional information is necessary;
openldap-2.0.11-8).
Comment 2 Bill Nottingham 2006-08-07 15:33:27 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 3 Bill Nottingham 2006-10-18 12:52:02 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.
