Forums

Resolved
0 votes
Hello! I was try to reboot my system and I was try to restore my oldest backup but still account system is offline. I only can use the default root user. My configured accounts doesn't work. I don't able to login just the root only.
Saturday, July 21 2018, 04:33 PM
Share this post:
Responses (4)
  • Accepted Answer

    Sunday, July 22 2018, 12:17 PM - #Permalink
    Resolved
    0 votes
    Do you have an /etc/openldap/slapd.d folder?

    Also, what is line 63 of /etc/openldap/slapd.conf?
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, July 22 2018, 09:13 AM - #Permalink
    Resolved
    0 votes
    Hello! I dont give any errors


    [root@gateway ~]# slapd -h "ldap://127.0.0.1/" -u ldap -f "/etc/openldap/slapd.conf" -d 256
    5b544a1b @(#) $OpenLDAP: slapd 2.4.44 (Aug 12 2017 06:10:11) $
    mockbuild@build64-1.clearsdn.local:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
    5b544a1b /etc/openldap/slapd.conf: line 63: invalid path: No such file or directory
    5b544a1b slapd stopped.
    5b544a1b connections_destroy: nothing to destroy.

    Thank you I was write an email about my problem to the support.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 21 2018, 08:33 PM - #Permalink
    Resolved
    0 votes
    I've seen your ticket, thanks. If it is not a certificate problem the devs may not be interested. What did you see from starting OpenLDAP in debug mode?

    Also please post your OpenVPN problem to a separate thread in the forum although there may be a chance they are linked.

    [edit]
    Also do you have an /etc/openldap/slapd.d folder. You should not, but if you do, it may be part of an older problem.
    [/edit]
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, July 21 2018, 05:06 PM - #Permalink
    Resolved
    0 votes
    Has your system just upgraded to 7.5? ("cat /etc/clearos_release")

    Please can you try starting LDAP from the command line in debug mode:
    slapd -h "ldap://127.0.0.1/" -u ldap -f "/etc/openldap/slapd.conf" -d 256
    If you get a certificate error something like:
    $ slapd -h "ldap://127.0.0.1/" -u ldap -f "/etc/openldap/slapd.conf" -d 256
    5b4055f3 @(#) $OpenLDAP: slapd 2.4.44 (Jul 4 2018 20:05:05) $
    mockbuild@build64-1.clearsdn.local:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
    TLSMC: MozNSS compatibility interception begins.
    tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
    tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
    TLSMC: MozNSS compatibility interception ends.
    TLS: could not use key file `/etc/openldap/certs/clearos-key.pem'.
    TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch x509_cmp.c:341
    5b4055f3 main: TLS init def ctx failed: -1
    5b4055f3 slapd stopped.

    5b4055f3 connections_destroy: nothing to destroy.
    Please try copying in your certificates again. Details are in this post. If it works, please post back to say it is working.

    If it did not work and you don't need LDAP right now, please can you raise a ticket at clearcenter.com and provide remote login credentials @ https://secure.clearcenter.com/portal/system_password.jsp. Raise the ticket as a general enquiry and they will provide free support. They really want to troubleshoot this one.

    If you do need LDAP now and can't wait, you'll need to downgrade openlap:
    yum downgrade openldap openldap-servers openldap-clients
    Then block the re-upgrade by adding a line to /etc/yum.conf:
    exclude=openldap*
    If you could then raise a ticket and agree a suitable time for the devs to have a look, they can log in, re-upgrade openldap and troubleshoot. Mention in the ticket that you have blocked openldap from upgrading.

    If you can work with the devs on this one, it would be greatly appreciated. Clearly it is Saturday now so I don't know when they will be around, but as 7.5 has just come out, they may be on standby for issues.

    [edit]
    Also, can you send them a configuration backup from prior to the update because they may be able to troubleshoot from that as well? If you can e-mail it to developer@clearfoundation.com they will pick it up.
    [/edit]
    The reply is currently minimized Show
Your Reply