Hello,
I have a problem with my Yunohost Installation on a Hosted VPS.
After having rebooted the machine the “slapd” (LDAP) service won’t start.
journalctl -xe says:
main: TLS init def ctx failed: -1 - Server Fault
I used “grep -R olcTLS /etc/openldap/slapd.d” to find the cert/key used by OpenLDAP which point to
/etc/yunohost/certs/yunohost.org/crt.pem
/etc/yunohost/certs/yunohost.org/key.pem
the permissions for both files are -rw-r--r--
Because of the missing LDAP Server I’m currently only able to login through kvm.
Neither SSH nor the web interface is working (logically).
I also tried “yunohost tools migrations run”, which says that there are no pending migrations.
I rebooted several times, didn’t work either…
My versions (obtained via yunohost -v) are:
yunohost: 4.3.2.2
yunohost-admin: 4.3.2
moulinette: 4.3.2
ssowat: 4.3.2
yunohost service status outputs for slapd:
configuration:valid
…
start_on_boot: enabled
status: auto_restart
(which fails even when trying service start slapd.service)
What would happen if I executed the Yunohost “Install” Script?
Would it “repair” the existing installation?
ljf
To get access over SSH, I suggest you set PermitRootLogin yes
just to be able to log in as root until slapd is repaired.
What is the output of:
journalctl -u slapd
As suggested I enabled SSH root Login and extracted the requested information:
journalctl -u slapd
Nov 12 10:26:06 systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Nov 12 10:26:06 systemd[1]: slapd.service: Failed with result 'exit-code'.
Nov 12 10:26:06 systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Nov 12 10:26:09 systemd[1]: slapd.service: Service RestartSec=3s expired, scheduling restart.
Nov 12 10:26:09 systemd[1]: slapd.service: Scheduled restart job, restart counter is at 3443.
Nov 12 10:26:09 systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Nov 12 10:26:09 systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Nov 12 10:26:09 slapd[30825]: @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org
Nov 12 10:26:09 slapd[30825]: main: TLS init def ctx failed: -1
Nov 12 10:26:09 slapd[30825]: DIGEST-MD5 common mech free
Nov 12 10:26:09 slapd[30825]: DIGEST-MD5 common mech free
Nov 12 10:26:09 slapd[30825]: slapd stopped.
Nov 12 10:26:09 slapd[30825]: connections_destroy: nothing to destroy.
grep -R olcTLS /etc/ldap/slapd.d/
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/yunohost/certs/yunohost.org/crt.pem
/etc/ldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/yunohost/certs/yunohost.org/key.pem
/etc/ldap/slapd.d/cn=config.ldif:olcTLSVerifyClient: never
/etc/ldap/slapd.d/cn=config.ldif:olcTLSProtocolMin: 0.0
ls -l /etc/yunohost/certs/yunohost.org/
total 16
-rw-r--r-- 1 root ssl-cert 1294 Mar 19 2021 ca.pem
-rw-r--r-- 1 root ssl-cert 4661 Mar 19 2021 crt.pem
-rw-r--r-- 1 root ssl-cert 1704 Mar 19 2021 key.pem
root@sander-cloud:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
I edited (although not recommended) the file /etc/ldap/slapd.d/cn=config.ldif
and commented out the following lines:
olcTLSCertificateFile: /etc/yunohost/certs/yunohost.org/crt.pem
olcTLSCertificateKeyFile: /etc/yunohost/certs/yunohost.org/key.pem
Now slapd starts…
I even tried setting the permissions on those files to 777 which didn’t work either.
Although I can access the web UI, I still need a fix re-enabling TLS.
I still couldn’t fix the issue… Any idea?
ljf
Could it be some broken links?
ls -l /etc/yunohost/certs/yunohost.org/
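A check for the broken-link question above, written as an added example that is not part of the thread or of YunoHost: it reads the olcTLS*File paths from cn=config.ldif, flags dangling symlinks, and goes one step further than `ls -l` by testing whether the account slapd runs as can traverse every parent directory and read each file. The function names and the SLAPD_USER variable are made up for this example, and "openldap" as the service account is an assumption (the Debian default).

```shell
#!/bin/sh
# Added example, not from the thread. Run as root on the affected host.
# Assumption: slapd runs as "openldap" (Debian default); pass it via SLAPD_USER.

# tls_paths LDIF: print the paths of the olcTLS*File attributes (active lines only).
tls_paths() {
    sed -n 's/^olcTLS[A-Za-z]*File: *//p' "$1"
}

# as_user CMD...: run CMD as $SLAPD_USER when root, otherwise as the caller.
as_user() {
    if [ "$(id -u)" -eq 0 ] && [ -n "${SLAPD_USER:-}" ]; then
        runuser -u "$SLAPD_USER" -- "$@"
    else
        "$@"
    fi
}

# check_path FILE: print a one-word verdict; return 0 only for "ok".
check_path() {
    f=$1
    if [ -L "$f" ] && [ ! -e "$f" ]; then echo "broken-link"; return 1; fi
    if [ ! -e "$f" ]; then echo "missing"; return 1; fi
    real=$(readlink -f "$f")          # follow symlinks to the real file
    d=$(dirname "$real")
    while [ "$d" != "/" ]; do         # every parent directory needs search (x) permission
        as_user test -x "$d" || { echo "no-traverse:$d"; return 1; }
        d=$(dirname "$d")
    done
    as_user test -r "$real" || { echo "unreadable"; return 1; }
    echo "ok"
}

# audit LDIF: print "verdict path" per configured file; non-zero if any check fails.
audit() {
    rc=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        v=$(check_path "$p") || rc=1
        echo "$v $p"
    done <<EOF
$(tls_paths "$1")
EOF
    return $rc
}

if [ $# -gt 0 ]; then audit "$1"; fi
```

Saved under a file name of your choosing and run as root with `SLAPD_USER=openldap` and `/etc/ldap/slapd.d/cn=config.ldif` as the argument, it prints one verdict per configured file.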