SLAPD fails after reboot

Hello,

I have a problem with my Yunohost Installation on a Hosted VPS.
After having rebooted the machine the “slapd” (LDAP) service won’t start.

journalctl -xe says:
main: TLS init def ctx failed: -1 - Server Fault

I used “grep -R olcTLS /etc/openldap/slapd.d” to find the cert/key used by OpenLDAP which point to

/etc/yunohost/certs/yunohost.org/crt.pem
/etc/yunohost/certs/yunohost.org/key.pem

the permissions for both files are -rw-r--r--

Because of the missing LDAP server I'm currently only able to log in through KVM.
Neither ssh nor the web interface is working (logically).

I also tried "yunohost tools migrations run", which says that there are no pending migrations.
I rebooted several times; that didn't work either…

My versions (obtained via yunohost -v) are:

yunohost: 4.3.2.2
yunohost-admin: 4.3.2
moulinette: 4.3.2
ssowat: 4.3.2

yunohost service status outputs for slapd:
configuration:valid

start_on_boot: enabled
status: auto_restart

(which fails even when trying service start slapd.service)

What would happen if I executed the Yunohost “Install” Script?
Would it “repair” the existing installation?

To get access via ssh, I suggest you set PermitRootLogin yes just to be able to log in as root until slapd is repaired.

What does this give:

journalctl -u slapd

As suggested I enabled SSH root Login and extracted the requested information:

journalctl -u slapd
Nov 12 10:26:06 systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Nov 12 10:26:06 systemd[1]: slapd.service: Failed with result 'exit-code'.
Nov 12 10:26:06 systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Nov 12 10:26:09 systemd[1]: slapd.service: Service RestartSec=3s expired, scheduling restart.
Nov 12 10:26:09 systemd[1]: slapd.service: Scheduled restart job, restart counter is at 3443.
Nov 12 10:26:09 systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Nov 12 10:26:09 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Nov 12 10:26:09 slapd[30825]: @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org
Nov 12 10:26:09 slapd[30825]: main: TLS init def ctx failed: -1
Nov 12 10:26:09 slapd[30825]: DIGEST-MD5 common mech free
Nov 12 10:26:09 slapd[30825]: DIGEST-MD5 common mech free
Nov 12 10:26:09 slapd[30825]: slapd stopped.
Nov 12 10:26:09 slapd[30825]: connections_destroy: nothing to destroy.

grep -R olcTLS /etc/ldap/slapd.d/
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/yunohost/certs/yunohost.org/crt.pem
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/yunohost/certs/yunohost.org/key.pem
/etc/ldap/slapd.d/cn=config.ldif:olcTLSVerifyClient: never
/etc/ldap/slapd.d/cn=config.ldif:olcTLSProtocolMin: 0.0

ls -l /etc/yunohost/certs/yunohost.org/
total 16
-rw-r--r-- 1 root ssl-cert 1294 Mar 19 2021 ca.pem
-rw-r--r-- 1 root ssl-cert 4661 Mar 19 2021 crt.pem
-rw-r--r-- 1 root ssl-cert 1704 Mar 19 2021 key.pem

root@sander-cloud:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster

I edited (although not recommended) the file /etc/ldap/slapd.d/cn=config.ldif

and commented out the following lines:

olcTLSCertificateFile: /etc/yunohost/certs/yunohost.org/crt.pem
olcTLSCertificateKeyFile: /etc/yunohost/certs/yunohost.org/key.pem

Now slapd starts…
I even tried setting the permissions on those files to 777 which didn’t work either.

Although I can access the web UI, I still need a fix for re-enabling TLS.

I still couldn't fix the issue… Any idea?

Could it be some broken links?

ls -l /etc/yunohost/certs/yunohost.org/
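The checks this thread walks through by hand (reading the olcTLS* paths out of cn=config.ldif, checking that the files exist and are not dangling symlinks as asked just above, checking that the slapd service account can read them, and finally checking whether a TLS library will accept the cert/key pair at all, which is the step behind "TLS init def ctx failed") can be run in one go. The script below is an added example for this thread, not YunoHost's or OpenLDAP's own code; it assumes Debian's /etc/ldap/slapd.d/cn=config.ldif and the openldap service account as defaults (both can be overridden), and it only uses the Python standard library. It also flags a world-readable private key, since loosening permissions (as with the 777 attempt above) does not address this error class and only widens exposure of the key.

```python
# Added diagnostic for the situation in this thread, not YunoHost's or OpenLDAP's
# own code. Assumed defaults: Debian's /etc/ldap/slapd.d/cn=config.ldif and the
# service account 'openldap'; both can be overridden.
import grp, os, pwd, ssl, stat, sys

TLS_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile", "olcTLSCertificateKeyFile")


def parse_olc_tls(ldif_text):
    """Return {attr: value} for olcTLS*File attributes; unfold LDIF continuation
    lines (leading space) and skip '#' comments, so a commented-out attribute
    reads as 'not configured', which is what made slapd start in the thread."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    found = {}
    for line in unfolded:
        attr, sep, value = line.partition(":")
        if sep and not line.startswith("#") and attr.strip() in TLS_ATTRS:
            found[attr.strip()] = value.strip()
    return found


def check_path(path, uid, gids, is_key=False):
    """List 'ERROR: ...'/'WARN: ...' strings for one file as seen by uid/gids."""
    if os.path.islink(path) and not os.path.exists(path):
        return [f"ERROR: {path}: dangling symlink -> {os.readlink(path)}"]
    if not os.path.exists(path):
        return [f"ERROR: {path}: does not exist"]
    real = os.path.realpath(path)
    st = os.stat(real)
    mode = stat.S_IMODE(st.st_mode)
    # Emulate the kernel's read check for this account (root reads anything);
    # the x bit on parent directories is not modelled here.
    if uid == 0:
        readable = True
    elif st.st_uid == uid:
        readable = bool(mode & stat.S_IRUSR)
    elif st.st_gid in gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    problems = []
    if not readable:
        problems.append(f"ERROR: {real}: not readable by uid {uid} "
                        f"(mode {mode:04o}, owner {st.st_uid}:{st.st_gid})")
    if is_key and mode & stat.S_IROTH:
        problems.append(f"WARN: {real}: private key is world-readable "
                        f"(mode {mode:04o}); 0640 root:ssl-cert is enough")
    return problems


def check_tls_pair(certfile, keyfile):
    """Load cert+key into a TLS server context as slapd does at startup.
    Returns None on success, else the library's error text."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(certfile, keyfile)
    except (ssl.SSLError, OSError) as exc:
        return str(exc)
    return None


def diagnose(ldif_path, user="openldap"):
    """Run every check; returns (tls_config, findings)."""
    with open(ldif_path, encoding="utf-8") as fh:
        cfg = parse_olc_tls(fh.read())
    findings = []
    try:
        pw = pwd.getpwnam(user)
        uid = pw.pw_uid
        gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    except KeyError:
        uid, gids = os.getuid(), set(os.getgroups())
        findings.append(f"WARN: user {user!r} not found; checking as uid {uid}")
    cert, key = cfg.get("olcTLSCertificateFile"), cfg.get("olcTLSCertificateKeyFile")
    if not (cert and key):
        findings.append("INFO: no cert/key configured; slapd will start without TLS")
        return cfg, findings
    for attr, path in cfg.items():
        findings += check_path(path, uid, gids, attr == "olcTLSCertificateKeyFile")
    if not any(f.startswith("ERROR") for f in findings):
        err = check_tls_pair(cert, key)
        if err:
            findings.append(f"ERROR: TLS context refused cert/key pair: {err}")
    return cfg, findings


if __name__ == "__main__":
    cfg, findings = diagnose(sys.argv[1] if len(sys.argv) > 1
                             else "/etc/ldap/slapd.d/cn=config.ldif")
    for attr, value in cfg.items():
        print(f"{attr}: {value}")
    for line in findings or ["OK: no problems found"]:
        print(line)
```

Run it as root on the affected host (`python3 slapd_tls_check.py`, optionally with a different cn=config.ldif path) before touching the configuration: an ERROR from the path checks points at the filesystem (missing file, dangling link, permissions), while an ERROR from the TLS context with all paths readable means the PEM content itself is the problem (mismatched key and certificate, a key in a format the library does not accept, or a truncated file), which is where to look when slapd only starts with the olcTLS* lines commented out.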
