7. LDAP

7.1. Error message: Connection refused.

This occurs if OpenCA cannot open a connection to the LDAP directory at all. Make sure that the LDAP server is running and listening on the expected host and port, and that the settings in ldap.xml match your LDAP server's configuration.

7.2. Error message: Bind failed. Error code 49.

A connection to the LDAP server has been established, but the credentials used to log in as the administrator are wrong. The bind operation is performed after the connection has been established, so a bind failure means the network settings are fine and the credentials are not. Check the login (the DN of the LDAP administrator) and passwd (the LDAP administrator's password) settings.

7.3. The result code of the node insertion was 65.

This sometimes means that OpenCA could not insert the appropriate entry for a certificate (result code 65 is LDAP_OBJECT_CLASS_VIOLATION, i.e. the entry uses an object class or attribute the directory does not know). Check that the directory was started with the appropriate schemas (core, cosine, inetorgperson and openca). They are usually included from slapd.conf.

7.4. How can I get more debugging messages from OpenCA's LDAP code?

You can get more debugging information by turning on debugging in OPENCADIR/etc/ldap.xml (i.e. <debug>1</debug>). Most of the LDAP functions honour this parameter.

7.5. How can I get more debugging messages from OpenLDAP?

The log messages of OpenLDAP are sent to syslogd. OpenLDAP uses the facility local4. To find the files that contain the logs, look in /etc/syslog.conf for the entries that route local4 and note their destination files.

If you need more information than the syslogd log files contain, you have to tune the configuration of OpenLDAP. Usually the configuration lives in /etc/openldap/slapd.conf. Logging is configured with the loglevel option. This is a bitmap with eleven bits today. A loglevel of 63 means that the bits one to five are set. 63 is a good choice for a first debugging session. You can read the details in man slapd.conf.
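The following script is an added example, not part of the OpenCA FAQ or of OpenLDAP; it automates the two checks described in 7.3 and 7.5: it reads a slapd.conf text to report which of the required schemas are not included and which loglevel is configured, decodes a numeric loglevel into the bit names listed in slapd.conf(5), and reads a syslog.conf text to find the files that receive the local4 facility. The loglevel bit table is the one documented for OpenLDAP 2.x (check your own man page, newer releases add further bits); the name of the OpenCA schema file (openca.schema), the classic syslogd selector syntax and both sample configuration texts are assumptions constructed for the example.

```python
import os
import re

# OpenLDAP "loglevel" bit values as documented in slapd.conf(5) for
# OpenLDAP 2.x. Verify against the man page of the slapd you actually run.
LOGLEVEL_BITS = {
    1: "trace", 2: "packets", 4: "args", 8: "conns", 16: "BER",
    32: "filter", 64: "config", 128: "ACL", 256: "stats",
    512: "stats2", 1024: "shell", 2048: "parse",
}

# Schemas the FAQ says OpenCA needs. Assumption: the OpenCA schema is
# shipped as openca.schema; adjust the name to your release.
REQUIRED_SCHEMAS = {"core", "cosine", "inetorgperson", "openca"}


def decode_loglevel(level):
    """Names of the bits set in an integer loglevel (-1 = any, 0 = none)."""
    if level == -1:
        return ["any"]
    if level == 0:
        return ["none"]
    names = []
    for bit in sorted(LOGLEVEL_BITS):
        if level & bit:
            names.append(LOGLEVEL_BITS[bit])
            level &= ~bit
    if level:  # bits above the table are reported, not silently dropped
        names.append("unknown(0x%x)" % level)
    return names


def compose_loglevel(names):
    """Integer loglevel for a list of bit names (inverse of decode_loglevel)."""
    by_name = {v: k for k, v in LOGLEVEL_BITS.items()}
    return sum(by_name[n] for n in names)


def slapd_conf_check(conf_text):
    """Return (sorted list of missing required schemas, configured loglevel)."""
    included, loglevel = set(), None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "include" and value.endswith(".schema"):
            # 'include /etc/openldap/schema/foo.schema' -> 'foo'
            included.add(os.path.basename(value)[:-len(".schema")].lower())
        elif key == "loglevel":
            loglevel = int(value)
    return sorted(REQUIRED_SCHEMAS - included), loglevel


def syslog_targets(conf_text, facility="local4"):
    """Actions (usually files) in a classic syslog.conf that receive a facility.

    A line is 'facility[,facility].priority[;more]   action'. Within one
    selector a later 'facility.none' cancels an earlier match, which is how
    the catch-all '*.info' line normally excludes local4.
    """
    targets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(\S+)\s+(\S+)$", line)
        if not m:
            continue
        selector, action = m.groups()
        matched = False
        for part in selector.split(";"):
            fac_list, _, prio = part.partition(".")
            if facility in fac_list.split(",") or "*" in fac_list.split(","):
                matched = prio != "none"
        if matched:
            targets.append(action.lstrip("-"))  # '-' only disables fsync
    return targets


# Constructed samples, not taken from any real system.
SAMPLE_SLAPD_CONF = """\
include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/inetorgperson.schema
# openca.schema deliberately left out so the check reports it
loglevel  63
"""

SAMPLE_SYSLOG_CONF = """\
*.info;mail.none;authpriv.none;local4.none    /var/log/messages
authpriv.*                                    /var/log/secure
local4.*                                      -/var/log/slapd.log
local4.debug                                  /var/log/ldap-debug.log
"""

if __name__ == "__main__":
    missing, level = slapd_conf_check(SAMPLE_SLAPD_CONF)
    print("missing schemas:", missing)
    print("loglevel %d enables: %s" % (level, decode_loglevel(level)))
    print("local4 is written to:", syslog_targets(SAMPLE_SYSLOG_CONF))
```

Running it on the samples reports openca as the missing schema, lists the six bits that make up 63 (1+2+4+8+16+32) and shows that local4 goes to /var/log/slapd.log and /var/log/ldap-debug.log but not to /var/log/messages, because the local4.none clause on the catch-all line excludes it. To use it on a real host, read the text of /etc/openldap/slapd.conf and /etc/syslog.conf into the two functions instead of the constructed samples.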