Friday, 13 September 2013

Mac OS X Lion slapd problem after changing certificate

After changing the self-signed certificate on Mac OS X Lion Server, the slapd process would not start. The log revealed these messages:

Sep 13 14:50:35 crab slapd[12125]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 24 2012 23:35:56) $
root@grace.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-186.5~1/servers/slapd
Sep 13 14:50:35 crab slapd[12125]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Sep 13 14:50:35 crab slapd[12125]: main: TLS init def ctx failed: -1
Sep 13 14:50:35 crab slapd[12125]: slapd stopped.

Eventually, after reading about slapd and running
/usr/libexec/slapd -d -1

I found this was because slapd was using the configuration in
/private/etc/openldap/slapd.d
instead of
/private/etc/openldap/slapd.conf

the former overriding the latter.  Unfortunately it seems the "Server Admin" GUI does not update slapd.d!  I tried running
/usr/libexec/slapd -f /private/etc/openldap/slapd.conf -F /private/etc/openldap/slapd.d
as recommended, but this did not update the existing slapd.d files.

Finally I just moved slapd.d to slapd.d.sav and the slapd process then started successfully.
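
One way to check for the mismatch described above, as an added example that is not part of the original post: this script compares the TLS file directives in a slapd.conf with the olcTLS* attributes in slapd.d/cn=config.ldif, unfolding wrapped LDIF lines. The function names, sample files and certificate paths are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: report TLS file directives that differ between slapd.conf
# and the cn=config.ldif that slapd loads from slapd.d when that directory exists.

# Print "directive path" pairs from a slapd.conf-style file.
tls_from_conf() {
    awk 'tolower($1) ~ /^tls(ca)?certificate(key)?file$/ {
             gsub(/"/, "", $2); print tolower($1), $2 }' "$1" | sort
}

# Same pairs from cn=config.ldif; LDIF folds long values onto " "-prefixed lines.
tls_from_ldif() {
    awk '
        function emit(l,   i, k) {
            i = index(l, ": "); k = tolower(substr(l, 1, i - 1))
            if (i && k ~ /^olctls(ca)?certificate(key)?file$/)
                print substr(k, 4), substr(l, i + 2)   # drop the "olc" prefix
        }
        /^ / { buf = buf substr($0, 2); next }         # continuation line
        { emit(buf); buf = $0 }
        END { emit(buf) }' "$1" | sort
}

# Exit status 0 when both configurations name the same files; else print both.
tls_mismatch() {
    conf=$(tls_from_conf "$1"); ldif=$(tls_from_ldif "$2")
    [ "$conf" = "$ldif" ] && return 0
    printf 'slapd.conf:\n%s\nslapd.d:\n%s\n' "$conf" "$ldif"
    return 1
}

# Constructed sample files (hypothetical paths, not taken from the post).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/slapd.conf" <<'EOF'
TLSCertificateFile "/etc/certificates/new.example.cert.pem"
TLSCertificateKeyFile "/etc/certificates/new.example.key.pem"
EOF
cat > "$tmp/cn=config.ldif" <<'EOF'
dn: cn=config
olcTLSCertificateFile: /etc/certificates/old.exam
 ple.cert.pem
olcTLSCertificateKeyFile: /etc/certificates/old.example.key.pem
EOF
tls_mismatch "$tmp/slapd.conf" "$tmp/cn=config.ldif" || echo "stale TLS paths in slapd.d"
```

On a real server, call tls_mismatch with the two paths named in the post and confirm that every file it prints exists and is readable by the account slapd runs as.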