Jul 8, 2013 9:39 PM (in response to Tyson Brown)
One more not very positive note... no, I don't have a backup of my OD database.
Jul 8, 2013 10:56 PM (in response to Tyson Brown)
Okay, so doing a bit more digging tonight, I found this thread in the 10.6 discussions, https://discussions.apple.com/thread/2644217?start=0&tstart=0, that provided me with the command for manually starting slapd:
sudo /usr/libexec/slapd -d -1
Which gave me THIS bit of error message
TLS: could not load verify locations (file:`/etc/certificates/[myservername].ECA88C7518AEDE947AAC94D9A259D1B2E5621169.chain.pem',dir:`').
TLS: error:02001002:system library:fopen:No such file or directory /SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:126
TLS: error:2006D080:BIO routines:BIO_new_file:no such file /SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:129
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib /SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/x509/by_file.c:274
main: TLS init def ctx failed: -1
Which, according to the thread I looked at above MAY mean that indeed slapd/LDAP cannot find my certificate. Sure enough, when I look in /etc/certificates I cannot find the certificate that is being called above. I CAN find ones that I added tonight... Any suggestions about how to correct the error above would be appreciated....
Jul 8, 2013 11:08 PM (in response to Tyson Brown)
When I issue sudo slapconfig -getldapconfig
Search base: dc=[mydc],dc=[mydc],dc=[mydc]
Maximum search results: 11000
Search timeout: 60
SSL CA certificate: /etc/certificates/[myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.chain.pem
SSL certificate: /etc/certificates/[myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.cert.pem
SSL key: /etc/certificates/[myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.key.pem
and when I go into /etc/certificates I see
-rw-r--r-- 1 root wheel 1850 Jul 8 22:04 [myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.cert.pem
-rw-r--r-- 1 root wheel 5653 Jul 8 22:04 [myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.chain.pem
-rw-r----- 1 root certusers 3593 Jul 8 22:04 [myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.concat.pem
-rw-r----- 1 root certusers 1743 Jul 8 22:04 [myservername].0F091B116FF7384B23CF6CDFDD86C5F6FB79689B.key.pem
What is this concat.pem? Is it throwing the error because something somewhere is NOT calling the right cert?
Jul 8, 2013 11:17 PM (in response to Tyson Brown)
So, when I issued "sudo nano /etc/openldap/slapd.d/cn=config.ldif" I got THESE lines at the end of the file, which do not refer to ANY of the files listed in /etc/certificates/:
olcTLSCertificatePassphraseTool: /usr/sbin/certadmin --get-private-key-passphr
And the entryCSN timestamp seems to refer to last year....
So, do I take the plunge and remove these lines? I don't know if I can make this any worse... Constructive suggestions are welcome!
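Before deleting anything from cn=config.ldif, the question the posts above are really asking is "which files does slapd's TLS config point at, and do they exist?" The script below is an added example, not code from the thread or from Apple's tooling: it parses the olcTLS* attributes out of an LDIF entry (handling LDIF line folding and base64 values), reports which referenced files are missing on disk, and pulls the path out of the "could not load verify locations" line that `slapd -d -1` prints. The attribute names are real OpenLDAP cn=config attributes; the LDIF text, the log lines, the file listing and the OLDHASH/NEWHASH certificate names are constructed stand-ins for the redacted ones quoted above.

```python
"""Check the TLS file paths in an OpenLDAP cn=config.ldif against what is on
disk, and pull the path slapd itself complains about out of 'slapd -d -1'
output.  Added example, not code from the thread; the LDIF, log and file
listing below are constructed stand-ins with placeholder hashes."""
import base64
import os
import re
from typing import Callable, Dict, Optional

# Real cn=config attributes that name files on disk.
TLS_FILE_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile",
                  "olcTLSCertificateKeyFile")


def parse_ldif_entry(ldif_text: str) -> Dict[str, str]:
    """attribute -> value for one LDIF entry; unfolds continuation lines
    (leading space) and decodes the 'attr:: <base64>' form."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # LDIF line folding
        else:
            unfolded.append(line)
    attrs: Dict[str, str] = {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):             # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attrs[name.strip()] = value.strip()
    return attrs


def missing_tls_files(attrs: Dict[str, str],
                      exists: Callable[[str], bool] = os.path.isfile) -> Dict[str, str]:
    """TLS attributes whose referenced file is not present on disk."""
    return {a: attrs[a] for a in TLS_FILE_ATTRS
            if a in attrs and not exists(attrs[a])}


# Matches the 'could not load verify locations' line quoted in the thread.
VERIFY_RE = re.compile(r"TLS: could not load verify locations \(file:`([^']*)'")


def path_from_slapd_error(log_text: str) -> Optional[str]:
    """The CA chain path 'slapd -d -1' reports it could not open, if any."""
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            return m.group(1)
    return None


# --- constructed sample data (placeholder hashes, not the thread's) ---
OLD = "/etc/certificates/example.server.OLDHASH0000"   # stale, referenced by cn=config
NEW = "/etc/certificates/example.server.NEWHASH1111"   # what is actually on disk

SAMPLE_CONFIG_LDIF = f"""\
dn: cn=config
olcTLSCACertificateFile: {OLD}.chain.pem
olcTLSCertificateFile: {OLD}.cert
 .pem
olcTLSCertificateKeyFile: {OLD}.key.pem
olcTLSVerifyClient: never
"""

SAMPLE_SLAPD_LOG = f"""\
TLS: could not load verify locations (file:`{OLD}.chain.pem',dir:`').
TLS: error:02001002:system library:fopen:No such file or directory
main: TLS init def ctx failed: -1
"""

# Constructed stand-in for the /etc/certificates listing quoted above.
PRESENT_FILES = {f"{NEW}.{s}" for s in ("cert.pem", "chain.pem", "concat.pem", "key.pem")}


def run_check(ldif_text: str = SAMPLE_CONFIG_LDIF, log_text: str = SAMPLE_SLAPD_LOG,
              exists: Callable[[str], bool] = lambda p: p in PRESENT_FILES) -> dict:
    """Combine both checks; pass exists=os.path.isfile to run against a real host."""
    attrs = parse_ldif_entry(ldif_text)
    return {"missing": missing_tls_files(attrs, exists),
            "slapd_complains_about": path_from_slapd_error(log_text)}


if __name__ == "__main__":
    for key, value in run_check().items():
        print(f"{key}: {value}")
```

On a real host you would feed it the contents of /etc/openldap/slapd.d/cn=config.ldif and the captured `slapd -d -1` output and pass `exists=os.path.isfile`. If every olcTLS* path is missing while slapconfig -getldapconfig reports files that do exist, the config entry is simply stale, and repointing the three file attributes at the files slapconfig lists keeps LDAP over TLS working; deleting the olcTLS* lines instead lets slapd start but leaves it serving without TLS, so clients that relied on ldaps or STARTTLS will either fail or fall back to cleartext binds.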
Jul 8, 2013 11:35 PM (in response to Tyson Brown)
Okay, I did it! I REMOVED the five lines and my ldap started up immediately! Happy Happy happy! Now I go do an LDAP database backup!