# net-nds/openldap-2.4.35-r1: slapd failed to start

## mys_721tx

Hello all,

I decided to unemerge and emerge my openldap today. It turns out that my old configuration does not work anymore.

Here is a piece of log from /var/log/message:

```
Nov 20 21:58:22 talon slapd[26856]: @(#) $OpenLDAP: slapd 2.4.35 (Nov 20 2013 21:26:37) $

        @talon:/var/tmp/portage/net-nds/openldap-2.4.35-r1/work/openldap-2.4.35/servers/slapd

Nov 20 21:58:22 talon slapd[26856]: main: TLS init def ctx failed: -1

Nov 20 21:58:22 talon slapd[26856]: slapd stopped.

Nov 20 21:58:22 talon slapd[26856]: connections_destroy: nothing to destroy.

Nov 20 21:58:22 talon /etc/init.d/slapd[26855]: start-stop-daemon: failed to start `/usr/lib64/openldap/slapd'

Nov 20 21:58:22 talon /etc/init.d/slapd[26781]: ERROR: slapd failed to start

```

The result from google shows that "TLS init def ctx failed: -1" is usually caused by permission errors of certificates and/or keys. However, everything was working before I unmerged it. (Apache and postfix works fine when the TLS key is only readable to root, and slaps was that way too.)

Could anyoneshine some light on the problem?

----------

## mys_721tx

emerge --info

```

Portage 2.2.7 (default/linux/amd64/13.0, gcc-4.7.3, glibc-2.15-r3, 3.10.17-gentoo x86_64)

=================================================================

System uname: Linux-3.10.17-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E5-2670_0_@_2.60GHz-with-gentoo-2.2

KiB Mem:     1010928 total,    157436 free

KiB Swap:    4194300 total,   4180408 free

Timestamp of tree: Sat, 16 Nov 2013 04:00:01 +0000

ld GNU ld (GNU Binutils) 2.23.1

ccache version 3.1.9 [disabled]

app-shells/bash:          4.2_p45

dev-lang/python:          2.7.5-r3, 3.2.5-r3

dev-util/ccache:          3.1.9

dev-util/cmake:           2.8.11.2

dev-util/pkgconfig:       0.28

sys-apps/baselayout:      2.2

sys-apps/openrc:          0.11.8

sys-apps/sandbox:         2.6-r1

sys-devel/autoconf:       2.13, 2.69

sys-devel/automake:       1.11.6, 1.13.4

sys-devel/binutils:       2.23.1

sys-devel/gcc:            4.7.3-r1

sys-devel/gcc-config:     1.7.3

sys-devel/libtool:        2.4.2

sys-devel/make:           3.82-r4

sys-kernel/linux-headers: 3.9 (virtual/os-headers)

sys-libs/glibc:           2.15-r3

Repositories: gentoo ruby cirno local_overlay

ACCEPT_KEYWORDS="amd64"

ACCEPT_LICENSE="* -@EULA"

CBUILD="x86_64-pc-linux-gnu"

CFLAGS="-march=core2 -mtune=generic -O2"

CHOST="x86_64-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"

CXXFLAGS="-march=core2 -mtune=generic -O2"

DISTDIR="/usr/portage/distfiles"

FCFLAGS="-O2 -pipe"

FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"

FFLAGS="-O2 -pipe"

GENTOO_MIRRORS="http://distfiles.gentoo.org"

LANG="en_US.utf8"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS="-j4"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/var/lib/layman/ruby /var/lib/layman/cirno /usr/local/portage"

USE="acl amd64 berkdb bzip2 cli cracklib crypt cxx dri fortran gdbm iconv ipv6 mmx modules mudflap multilib ncurses nls nptl openmp pam pcre readline session sse sse2 ssl tcpd unicode zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="*" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en" NGINX_MODULES_HTTP="*" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON

```

emerge -ptv openldap

```

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!

[ebuild   R    ] net-nds/openldap-2.4.35-r1  USE="berkdb crypt ipv6 ssl syslog tcpd -cxx -debug -experimental -gnutls -icu -iodbc -kerberos -minimal -odbc -overlays -perl -samba -sasl (-selinux) -slp -smbkrb5passwd" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

```

cat /etc/openldap/slapd.conf

```

include      /etc/openldap/schema/core.schema

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/nis.schema

include   /etc/openldap/schema/misc.schema

include /etc/openldap/schema/openssh-lpk.schema

pidfile      /var/run/openldap/slapd.pid

argsfile   /var/run/openldap/slapd.args

loglevel 0

database   hdb

suffix      "dc=example,dc=com"

#         <kbyte> <min>

checkpoint   32   30 

rootdn      "cn=Manager,dc=example,dc=com"

rootpw      "{secret}"

directory   /var/lib/openldap-data

index   objectClass   eq

index    entryUUID eq

index   uid   pres,eq

index   mail   pres,sub,eq

index   cn   pres,sub,eq

index   sn   pres,sub,eq

index   dc   eq

#TLSCipherSuite HIGH:-SSLv2:!aNULL:!eNULL:!EXP:!LOW:!MD5

#TLSCACertificateFile /etc/ssl/openldap/ca.crt

#TLSCertificateFile /etc/ssl/openldap/server.crt

#TLSCertificateKeyFile /etc/ssl/openldap/server.key

#TLSVerifyClient never

access to attrs="userPassword"

   by self write

   by anonymous auth

   by * none

access to *

   by self write

   by * read

```

----------

