Univention Bugzilla – Bug 57317
slapd did not start during initial setup due to missing SSL certificate
Last modified: 2024-05-23 13:42:45 CEST
Seen (once) in the Jenkins jobs (5.0-7): slapd did not start during the initial setup, thus the join could not complete and the whole job failed.

From the syslog:

May 22 23:21:28 unassigned-hostname root: /etc/init.d/slapd start (pid: 4671, ppid: 1 systemd)
May 22 23:21:28 unassigned-hostname slapd[4734]: @(#) $OpenLDAP: slapd (May 17 2024 16:20:42) $#012#011Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
May 22 23:21:28 unassigned-hostname slapd[4734]: main: TLS init def ctx failed: -1
May 22 23:21:28 unassigned-hostname slapd[4734]: slapd stopped.
May 22 23:21:28 unassigned-hostname slapd[4734]: connections_destroy: nothing to destroy.
May 22 23:21:28 unassigned-hostname slapd[4671]: Starting ldap server(s): slapd ...failed.
May 22 23:21:28 unassigned-hostname systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
May 22 23:21:28 unassigned-hostname systemd[1]: slapd.service: Failed with result 'exit-code'.
May 22 23:21:28 unassigned-hostname systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).

Additional info:

In the setup.log one can see this: Slapd failed to start during the certificate generation. Somehow this looks like slapd is restarted while the certificate is still actively being created:

[master091] 2024-05-22T21:21:14.107185 __MSG__:Backing up old SSL certificate
[master091] 2024-05-22T21:21:14.170418 Wed May 22 23:21:14 CEST 2024
[master091] 2024-05-22T21:21:14.170828 __STEP__:5
[master091] 2024-05-22T21:21:14.176389 __MSG__:Generating SSL CA certificate.
[master091] 2024-05-22T21:21:20.227595 Generating RSA private key, 2048 bit long modulus (2 primes)
[master091] 2024-05-22T21:21:20.690903 ...........................................................................................................................+++++
[master091] 2024-05-22T21:21:20.951841 ....................................................................+++++
[master091] 2024-05-22T21:21:20.952099 e is 65537 (0x010001)
[master091] 2024-05-22T21:21:20.995697 Clearing symlinks in /etc/ssl/certs...
[master091] 2024-05-22T21:21:23.247696 done.
[master091] 2024-05-22T21:21:23.247696 Updating certificates in /etc/ssl/certs...
[master091] 2024-05-22T21:21:26.740889 137 added, 0 removed; done.
[master091] 2024-05-22T21:21:26.740889 Running hooks in /etc/ca-certificates/update.d...
[master091] 2024-05-22T21:21:26.748018 done.
[master091] 2024-05-22T21:21:26.833972 Getting request Private Key
[master091] 2024-05-22T21:21:26.834119 Generating certificate request
[master091] 2024-05-22T21:21:26.881403 Using configuration from /etc/univention/ssl/openssl.cnf
[master091] 2024-05-22T21:21:26.933462 __STEP__:7
[master091] 2024-05-22T21:21:26.940830 __STEP__:9
[master091] 2024-05-22T21:21:28.954878 Job for slapd.service failed because the control process exited with error code.
[master091] 2024-05-22T21:21:28.954878 See "systemctl status slapd.service" and "journalctl -xe" for details.
[master091] 2024-05-22T21:21:30.549470 __STEP__:10
[master091] 2024-05-22T21:21:31.712566 Creating certificate: master091.AutoTest091.test
[master091] 2024-05-22T21:21:32.873343 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:33.975019 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:35.069139 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:36.156258 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:37.267435 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:38.361143 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:39.445981 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:40.526812 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:41.601464 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:42.683585 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:43.755122 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:46.295260 Generating RSA private key, 2048 bit long modulus (2 primes)
[master091] 2024-05-22T21:21:46.558903 ...................................................................+++++
[master091] 2024-05-22T21:21:46.884414 ........................................................................................+++++
[master091] 2024-05-22T21:21:46.884632 e is 65537 (0x010001)
[master091] 2024-05-22T21:21:47.127688 Using configuration from /etc/univention/ssl/openssl.cnf
[master091] 2024-05-22T21:21:47.128246 Check that the request matches the signature
[master091] 2024-05-22T21:21:47.130250 Signature ok
[master091] 2024-05-22T21:21:47.130346 The Subject's Distinguished Name is as follows
[master091] 2024-05-22T21:21:47.130836 countryName :PRINTABLE:'DE'
[master091] 2024-05-22T21:21:47.141733 stateOrProvinceName :PRINTABLE:'DE'
[master091] 2024-05-22T21:21:47.142319 localityName :PRINTABLE:'DE'
[master091] 2024-05-22T21:21:47.142999 organizationName :PRINTABLE:'DE'
[master091] 2024-05-22T21:21:47.145322 organizationalUnitName:PRINTABLE:'Univention Corporate Server'
[master091] 2024-05-22T21:21:47.147112 commonName :PRINTABLE:'master091.AutoTest091.test'
[master091] 2024-05-22T21:21:47.147626 emailAddress :IA5STRING:'ssl@'
[master091] 2024-05-22T21:21:47.147940 Certificate is to be certified until May 21 21:21:46 2029 GMT (1825 days)
[master091] 2024-05-22T21:21:47.148077 Write out database with 1 new entries
[master091] 2024-05-22T21:21:47.148152 Data Base Updated
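
Added example (not part of the original report and not Univention code): a small triage check that tests the ordering suspected above by comparing, in a setup.log, the time of the slapd start failure with the time the host certificate was created and signed. The function names are hypothetical; the sample lines are abridged from the log quoted in this report.

```python
import re
from datetime import datetime

# Abridged from the setup.log lines quoted in this report.
SETUP_LOG = """\
[master091] 2024-05-22T21:21:14.176389 __MSG__:Generating SSL CA certificate.
[master091] 2024-05-22T21:21:26.940830 __STEP__:9
[master091] 2024-05-22T21:21:28.954878 Job for slapd.service failed because the control process exited with error code.
[master091] 2024-05-22T21:21:30.549470 __STEP__:10
[master091] 2024-05-22T21:21:31.712566 Creating certificate: master091.AutoTest091.test
[master091] 2024-05-22T21:21:32.873343 ldap_start_tls: Can't contact LDAP server (-1)
[master091] 2024-05-22T21:21:47.148152 Data Base Updated
"""

LINE_RE = re.compile(r"^\[[^\]]+\]\s+(?P<ts>\S+)\s+(?P<msg>.*)$")

def parse(log_text):
    """Yield (timestamp, message); skip lines without a parseable timestamp."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            yield datetime.fromisoformat(m["ts"]), m["msg"]
        except ValueError:
            continue

def check_ordering(log_text):
    """Report whether slapd's start failed before the host certificate was written."""
    slapd_failed = cert_started = cert_done = None
    tls_errors = 0
    for ts, msg in parse(log_text):
        if msg.startswith("Job for slapd.service failed"):
            slapd_failed = slapd_failed or ts
        elif msg.startswith("Creating certificate:"):
            cert_started = cert_started or ts
        elif msg.startswith("Data Base Updated") and cert_started:
            cert_done = ts  # CA database updated after the host certificate was signed
        elif msg.startswith("ldap_start_tls: Can't contact LDAP server"):
            tls_errors += 1
    # Also true when the log never shows the host certificate being written.
    early = slapd_failed is not None and (cert_done is None or slapd_failed < cert_done)
    gap = (cert_started - slapd_failed).total_seconds() if slapd_failed and cert_started else None
    return {"slapd_failed_before_host_cert": early,
            "seconds_until_cert_creation": gap,
            "ldap_start_tls_errors": tls_errors}

if __name__ == "__main__":
    print(check_ordering(SETUP_LOG))
```

On the excerpt, the slapd failure is logged about 2.76 seconds before the "Creating certificate" line for the host.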