That's an error in the script you're launching at startup. I don't know what it is, but I'd bet there's an unquoted '[' character somewhere that is only evaluated when TLS LDAP is enabled. (see the '-bash: ' at the beginning of the line? That tells you that bash is generating the error message.)
-Kyle H

On Fri, May 29, 2009 at 1:34 PM, John Kane <john.k...@prodeasystems.com> wrote:
> I just turned on TLS on my LDAP (per instructions on
> http://www.openldap.org/faq/data/cache/185.html). Now all of my Linux
> servers give the following error on login:
>
> -bash: [: =: unary operator expected
>
> The error goes away when I turn TLS back off. I cannot determine what
> is causing this error, or even which file contains the error. I've gone
> through my LDAP config file, cannot find an issue in any of these.
>
> Other than my cacert.pem, and the LDAP config files, are there other
> files that are read only when TLS is turned on?
>
> Thanks,
> John
>
> ++++ Here's my configs ++++
>
> I turn on TLS by adding the following in my /etc/ldap.conf (pam/nss
> file):
>
> ssl start_tls
> tls_checkpeer yes
> tls_cacertfile /etc/openldap/cacerts/cacert.pem
> tls_cacertdir /etc/openldap/cacerts/
>
> and have the following in my /etc/openldap/ldap.conf (openldap file):
>
> HOST 172.25.3.97
> BASE dc=example,dc=net
> TLS_CACERTDIR /etc/openldap/cacerts/
> TLS_REQCERT allow
>
> and my (self-signed) cacert:
>
> [r...@serverx cacerts]# openssl x509 -text -in
> /etc/openldap/cacerts/cacert.pem
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 0 (0x0)
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=US, ST=Utah, O=Bigtime CA, OU=Signers, CN=Integration
> Root CA/emailaddress=john.sm...@myco.com
>         Validity
>             Not Before: May 28 04:37:13 2009 GMT
>             Not After : May 27 04:37:13 2012 GMT
>         Subject: C=US, ST=Utah, O=Bigtime CA, OU=Signers, CN=Integration
> Root CA/emailaddress=john.sm...@myco.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Basic Constraints:
>                 CA:FALSE
>             Netscape Comment:
>                 OpenSSL Generated Certificate
>             X509v3 Subject Key Identifier:
>                 0B:FB:7D:0B:0D:17:A3:CD:79:02:A3:A3:92:57:15:6F:DE:38:07:3C
>             X509v3 Authority Key Identifier:
>                 keyid:0B:FB:7D:0B:0D:17:A3:CD:79:02:A3:A3:92:57:15:6F:DE:38:07:3C
>
>     Signature Algorithm: sha1WithRSAEncryption

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
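
An added example, not part of the original thread: bash prints `[: =: unary operator expected` when an unquoted expansion inside `[ ... ]` comes out empty, and an interactive login shell reports it as `-bash:` with no file name. The sketch below reproduces that on a constructed startup fragment (the file name, `lookup_group` and `FAKE_GROUP` are hypothetical) and uses an xtrace prefix carrying file and line to locate the failing test; the quoted variant shows the fix.

```bash
#!/usr/bin/env bash
# Write a constructed stand-in for a startup file and print its path.
# $1 = "quoted" writes the hardened test; anything else the unquoted one.
# lookup_group and FAKE_GROUP are hypothetical and stand in for a name
# lookup that can come back empty.
make_sample() {
  dir=$(mktemp -d) || return 1
  if [ "$1" = quoted ]; then
    operand='"$(lookup_group)"'
  else
    operand='$(lookup_group)'
  fi
  cat > "$dir/profile_fragment.sh" <<EOF
lookup_group() { printf '%s' "\$FAKE_GROUP"; }
if [ $operand = users ]; then
  umask 002
fi
EOF
  printf '%s\n' "$dir/profile_fragment.sh"
}

# Source file $1 in a child bash with xtrace on and FAKE_GROUP set to $2.
# PS4 stamps every traced command with file:line, so the last command traced
# before the "[" error is the failing test. Prints that file:line, or nothing
# when no such error occurs. Assumes the path contains no spaces.
trace_test_errors() {
  FAKE_GROUP="$2" bash -c \
    'PS4="+\${BASH_SOURCE}:\${LINENO}: "; set -x; . "$1"' _ "$1" 2>&1 |
    awk '/unary operator expected/ { print loc; next }
         /^[+]/ { loc = $1; gsub(/^[+]+|:$/, "", loc) }'
}

# Stand-alone demonstration on the constructed fragment.
sample=$(make_sample unquoted)
echo "empty lookup, unquoted test fails at: $(trace_test_errors "$sample" "")"
fixed=$(make_sample quoted)
echo "empty lookup, quoted test errors: [$(trace_test_errors "$fixed" "")]"
```
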