Gentoo Forums
[SOLVED]: OpenLDAP and GnuTLS (and OpenSSL)
AchilleTalon
Posted: Sat Jan 21, 2012 7:25 pm    Post subject: [SOLVED]: OpenLDAP and GnuTLS (and OpenSSL)

I am unable to make OpenLDAP and GnuTLS work together. As soon as I enter the definitions for the certificates in the slapd.conf file, I get the following error on startup:

Code:

 * Starting ldap-server ...
*** glibc detected *** /usr/lib/openldap/slapd: double free or corruption (!prev): 0x0828b398 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6e7b1)[0xb73c97b1]
/lib/libc.so.6(+0x700e3)[0xb73cb0e3]
/lib/libc.so.6(cfree+0x6d)[0xb73ce26d]
/usr/lib/libgnutls.so.26(gnutls_priority_deinit+0x20)[0xb72c7500]
/usr/lib/libldap_r-2.4.so.2(+0x3a9d3)[0xb77689d3]
/usr/lib/libldap_r-2.4.so.2(ldap_pvt_tls_ctx_free+0x25)[0xb77655c5]
/usr/lib/libldap_r-2.4.so.2(+0x37697)[0xb7765697]
/usr/lib/openldap/slapd(main+0x10fc)[0x8060a4c]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7375296]
/usr/lib/openldap/slapd[0x805f3d1]
 * start-stop-daemon: failed to start `/usr/lib/openldap/slapd'           [ !! ]
 * ERROR: slapd failed to start


Any hints?
_________________
Achille Talon Hop!


Last edited by AchilleTalon on Fri Feb 10, 2012 10:55 pm; edited 2 times in total
DeIM
Posted: Mon Jan 23, 2012 12:07 am

Hi, I'm far from a pro, but I'm actually solving a different problem with OpenLDAP. Maybe I'll use GnuTLS in the future :wink:

So, posting the versions and USE flags of the packages used (glibc openldap gnutls ...) could be a good start.
AchilleTalon
Posted: Mon Jan 23, 2012 7:18 pm

Quote:
emerge --info openldap gnutls openssl
Portage 2.1.10.41 (default/linux/x86/10.0, gcc-4.5.3, glibc-2.13-r4, 3.1.6-gentoo i686)
=================================================================
System Settings
=================================================================
System uname: Linux-3.1.6-gentoo-i686-Intel-R-_Celeron-R-_CPU_2.00GHz-with-gentoo-2.0.3
Timestamp of tree: Mon, 23 Jan 2012 17:15:01 +0000
distcc 3.1 i686-pc-linux-gnu [enabled]
ccache version 3.1.6 [enabled]
app-shells/bash: 4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python: 2.4.6, 2.5.4-r4, 2.6.6-r2, 2.7.2-r3, 3.1.4-r3
dev-util/ccache: 3.1.6
dev-util/cmake: 2.8.6-r4
dev-util/pkgconfig: 0.26
sys-apps/baselayout: 2.0.3
sys-apps/openrc: 0.9.8.1
sys-apps/sandbox: 2.5
sys-devel/autoconf: 2.68
sys-devel/automake: 1.10.3, 1.11.1
sys-devel/binutils: 2.21.1-r1
sys-devel/gcc: 4.5.3-r1
sys-devel/gcc-config: 1.4.1-r1
sys-devel/libtool: 2.4-r1
sys-devel/make: 3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc: 2.13-r4
Repositories: gentoo x-layman x-overlay
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA dlj-1.1 PUEL"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distcc distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://gentoo.mirrors.tera-byte.com/ http://gentoo.arcticnetwork.ca/source/ http://adelie.polymtl.ca/ http://gentoo.mirrors.tera-byte.com/ ftp://mirror.iawnet.sandia.gov/pub/gentoo/"
LANG="fr_CA.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman /usr/local/overlay"
SYNC="rsync://pauli.cids.ca/gentoo-portage"
USE="aac acl aim alsa apache2 berkdb blas bsf bzip2 cgi cli cracklib crypt cscope ctype cups curl curlwrappers cxx dahdi db2 dbm dbx directfb doc dri dv emacs encode enscript examples exif expat fastcgi fbcon ffmpeg fftw flac flatfile fltk fontconfig foomaticdb gb gcj gd gdbm geoip ggi ginac glut gnutls gpg gphoto2 gpm gps gsl gssapi iconv icq idn ieee1394 imagemagick imap imlib inifile ipv6 ithreads jabber jadetex java javascript jbig jikes jingle jpeg junit kerberos lapack lash latex lcms ldap leim lesstif libcaca libedit libgda libnotify libsamplerate libwww lirc lm_sensors loop-aes maildir mailwrapper mbox mcal milter mime mmap mng modplug modules mpi mplayer msn mudflap mule mysql nas ncurses networkmanager nls nntp nptl nptlonly ocaml ocamlopt odbc ofx ogg openal openldap openmp openssl oscar pam pcmcia pcre pda perl pfpro php plotutils png posix postgres ppds pppd prefork prelude python radius raw readline rss ruby samba sasl scanner session sharedext sharedmem slang slp smartcard sndfile snmp soap sockets sox speex spl sqlite sqlite3 sse sse2 ssl svga symlink sysfs syslog sysvipc tcl tcpd tetex threads tokenizer truetype unicode usb vhosts vim-syntax vnc vorbis wavpack wddx wifi wmf x264 x86 xattr xinetd xml xmlrpc xorg xpm xsl xulrunner yahoo yaz zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config 
logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php-5.3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
Package Settings
=================================================================

net-nds/openldap-2.4.24 was built with the following:
USE="berkdb crypt cxx gnutls ipv6 kerberos odbc perl samba sasl slp ssl syslog tcpd -debug -experimental -icu -iodbc -minimal -overlays (-selinux) -smbkrb5passwd"
CFLAGS="-O2 -march=i686 -pipe -D_GNU_SOURCE"
CXXFLAGS="-O2 -march=i686 -pipe -D_GNU_SOURCE"


net-libs/gnutls-2.10.5 was built with the following:
USE="cxx doc examples nls zlib -bindist -guile -lzo -test"


dev-libs/openssl-1.0.0f-r1 was built with the following:
USE="kerberos sse2 zlib -bindist -gmp -rfc3779 -static-libs -test"
CFLAGS="-O2 -march=i686 -pipe -fno-strict-aliasing -Wa,--noexecstack"
CXXFLAGS="-O2 -march=i686 -pipe -fno-strict-aliasing -Wa,--noexecstack"



slapd.conf

Code:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include      /etc/openldap/schema/core.schema
include      /etc/openldap/schema/cosine.schema
include      /etc/openldap/schema/inetorgperson.schema
include      /etc/openldap/schema/kerberos.schema
include      /etc/openldap/schema/java.schema
include      /etc/openldap/schema/dhcp.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile      /var/run/openldap/slapd.pid
argsfile   /var/run/openldap/slapd.args
TLSCipherSuite        HIGH:+SSLv3:+SSLv2
TLSCACertificateFile  /etc/ssl/certs/cacert.pem
TLSCertificateFile    /etc/openldap/ssl/slapd.cert
TLSCertificateKeyFile /etc/openldap/ssl/slapd.key
TLSVerifyClient       demand

#######################################################################
# BDB database definitions
#######################################################################

database      bdb
suffix                "dc=cids,dc=ca"
#           <kbyte> <min>
checkpoint    32      30
rootdn                "cn=Manager,dc=cids,dc=ca"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw                {SSHA}1234567890abcdefghijklmnopqrstuvwxyz
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/openldap-data
# Indices to maintain
index   objectClass   eq

database config


Certificates and keys were generated with OpenSSL, and I established my own CA, all using the CA.pl script in the /etc/ssl/misc directory. The error happens as soon as one or more of these are defined: TLSCACertificateFile, TLSCertificateFile and/or TLSCertificateKeyFile. TLSCipherSuite and TLSVerifyClient don't lead to any error for now, and slapd starts fine with these two defined.
_________________
Achille Talon Hop!
AchilleTalon
Posted: Fri Feb 10, 2012 10:53 pm    Post subject: DON'T USE GnuTLS with OPENLDAP!!!!

Here is the answer: DON'T USE GnuTLS with OPENLDAP!!!!

I rebuilt everything with the -gnutls flag for OpenLDAP and it solves all my problems with this part of the setup.
_________________
Achille Talon Hop!
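
slapd.conf(5) states that the TLSCipherSuite value must be a cipher specification in the syntax of the TLS library slapd was built against, so it is worth checking that directive whenever the backend is switched as in this thread. The following is an added example, not part of the thread or of OpenLDAP: it compares the USE flags and TLS directives posted above. The token lists are a heuristic, the mapping of the Gentoo `ssl`/`gnutls` USE flags to a backend is an assumption, and all function names are hypothetical.

```python
import re

# Copied from the `emerge --info` output in the thread (net-nds/openldap-2.4.24).
PAGE_USE = ('USE="berkdb crypt cxx gnutls ipv6 kerberos odbc perl samba sasl slp '
            'ssl syslog tcpd -debug -experimental -icu -iodbc -minimal -overlays '
            '(-selinux) -smbkrb5passwd"')

# TLS-related part of the slapd.conf posted in the thread.
PAGE_CONF = """\
pidfile      /var/run/openldap/slapd.pid
TLSCipherSuite        HIGH:+SSLv3:+SSLv2
TLSCACertificateFile  /etc/ssl/certs/cacert.pem
TLSCertificateFile    /etc/openldap/ssl/slapd.cert
TLSCertificateKeyFile /etc/openldap/ssl/slapd.key
TLSVerifyClient       demand
"""

# Heuristic token lists (assumption of this example, not exhaustive).
OPENSSL_ONLY = {"HIGH", "MEDIUM", "LOW", "ALL", "DEFAULT", "SSLv2", "SSLv3",
                "TLSv1", "aNULL", "eNULL", "@STRENGTH"}
GNUTLS_KEYWORDS = {"PERFORMANCE", "NORMAL", "SECURE128", "SECURE192",
                   "SECURE256", "NONE"}
GNUTLS_PREFIXES = ("VERS-", "SIGN-", "CTYPE-", "COMP-", "%")


def tls_backend(use_line):
    """Return 'gnutls', 'openssl' or None from a Portage USE="..." line."""
    m = re.search(r'USE="([^"]*)"', use_line)
    flags = [f.strip("()") for f in (m.group(1) if m else use_line).split()]
    enabled = {f for f in flags if not f.startswith("-")}
    if "ssl" not in enabled:
        return None
    return "gnutls" if "gnutls" in enabled else "openssl"


def tls_directives(conf_text):
    """Collect TLS* directives; keywords are case-insensitive, lines that
    start with whitespace continue the previous line, '#' lines are comments."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    found = {}
    for line in logical:
        parts = line.split(None, 1)
        if parts[0].lower().startswith("tls"):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found


def cipher_spec_style(spec):
    """Guess whether a cipher spec is an OpenSSL cipher list or a GnuTLS priority string."""
    tokens = [t for t in re.split(r"[:,\s]+", spec.strip()) if t]
    bare = [t.lstrip("+-!") for t in tokens]
    if any(t in OPENSSL_ONLY for t in bare):
        return "openssl"
    if tokens and tokens[0] in GNUTLS_KEYWORDS:
        return "gnutls"
    if any(t.startswith(GNUTLS_PREFIXES) for t in bare):
        return "gnutls"
    return "unknown"


def audit(use_line, conf_text):
    """Return findings where the cipher spec syntax does not match the build."""
    backend = tls_backend(use_line)
    if backend is None:
        return ["USE flags show no TLS backend (ssl disabled)"]
    spec = tls_directives(conf_text).get("tlsciphersuite")
    style = cipher_spec_style(spec) if spec else "unknown"
    if style not in ("unknown", backend):
        return [f"TLSCipherSuite {spec!r} is {style}-style, build uses {backend}"]
    return []


if __name__ == "__main__":
    for finding in audit(PAGE_USE, PAGE_CONF):
        print("WARNING:", finding)
```

Run against the thread's data, it reports the OpenSSL-style cipher list on the gnutls-enabled build and reports nothing once the USE line carries `-gnutls`.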