https://bugs.openldap.org/show_bug.cgi?id=9946

          Issue ID: 9946
           Summary: TLS: could not load verify locations
           Product: OpenLDAP
           Version: unspecified
          Hardware: x86_64
                OS: Linux
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: b...@openldap.org
          Reporter: hrishikesh.d...@gmail.com
  Target Milestone: ---

Hi,
I am seeing the errors below on one of the LDAP proxy servers. Any clue how to fix it?

===============
635a3252 openotp_parse_conf: global: server_url = https://iad37-c-sec-afe-01.us6.oraclecloud.com:443/openotp/,https://ch3-c-sec-afe-01.us2.oraclecloud.com:443/openotp/
635a3252 openotp_parse_conf: global: soap_timeout = 10
635a3252 openotp_parse_conf: global: user_settings = ChallengeMode=No
635a3252 openotp_parse_conf: global: uid_attribute = uid, cn
635a3252 openotp_parse_conf: global: client_id = LDAP
635a3252 openotp_parse_conf: global: default_domain = oraclecloud
635a3252 openotp_parse_conf: global: server_policy = 1
635a3252 openotp_parse_conf: global: status_cache = 10
635a3252 openotp_parse_conf: global: nolock_usernames = ldapro-oci-sharedservices,ldapro-saas,ldapro-sbs
635a3252 openotp_parse_conf: global: denied_usernames = (none)
635a3252 openotp_init: Initializing libopenotp
TLS: could not load verify locations (file:`/opt/ldproxy/conf/ca.crt',dir:`').
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:175
TLS: error:2006D080:BIO routines:BIO_new_file:no such file bss_file.c:182
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:253
635a3252 main: TLS init def ctx failed: -1
635a3252 slapd stopped.
635a3252 connections_destroy: nothing to destroy.

===========
I am not seeing anything when I check the location specified in the logs:
[root@ldap-proxy-01 certs]# ls -l /opt/ldproxy
total 0
drwxr-xr-x. 2 root root 48 Nov  4 08:27 logs
[root@ldap-proxy-01 certs]# 

==============

The ldap.conf file looks as below:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR   /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on

Any help/clue is much appreciated.
