This occurs if OpenCA cannot make a connection to the LDAP
directory. Make sure that the LDAP server is running and is
listening on the correct port. Make sure that the settings in
ldap.xml match your LDAP server settings.

A connection has been made to the LDAP server, but the
credentials to log into the server as admin are wrong. The bind
operation is performed after the connection is established.
Check the login (the LDAP administrator's DN) and passwd (the
password of the LDAP administrator).

This sometimes means that OpenCA could not insert the
appropriate entry for a certificate (the exact definition is
LDAP_OBJECT_CLASS_VIOLATION). Check that you have the directory
started with the appropriate schemas (core, cosine, inetorperson
and openca). They are usually specified in slapd.conf.

You can get more debugging information by turning on debugging
in OPENCADIR/etc/ldap.xml (i.e. <debug>1</debug>). Most
functions support this parameter.

The logging messages of OpenLDAP are sent to syslogd. OpenLDAP
uses the facility local4. The files which contain the logs are
named in /etc/syslog.conf. Simply search it for the files which
are used by local4.
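
The search described above can be scripted. This is an added example, not part of the original guide or of OpenCA: it assumes the classic syslogd selector syntax (facility.priority pairs separated by ";", followed by an action), and the function name local4_targets and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Print every destination that receives local4 (OpenLDAP) messages.
# Usage: local4_targets [file]   (default /etc/syslog.conf, "-" reads stdin)
# local4_targets is a hypothetical helper name, not an OpenCA or OpenLDAP tool.
local4_targets() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }      # skip comments and lines without an action
    {
        hit = 0
        n = split($1, sel, ";")        # one line may carry several selectors
        for (i = 1; i <= n; i++) {
            dot = index(sel[i], ".")
            if (dot == 0) continue
            pri = substr(sel[i], dot + 1)
            m = split(substr(sel[i], 1, dot - 1), fac, ",")
            for (j = 1; j <= m; j++)
                if (fac[j] == "local4" || fac[j] == "*")
                    hit = (pri != "none")   # a later local4.none cancels a match
        }
        # A leading "-" on a file action only disables syncing; drop it.
        if (hit) { sub(/^-/, "", $2); print $2 }
    }' "${1:-/etc/syslog.conf}"
}

# Constructed sample configuration (not taken from a real host).
SAMPLE='# constructed sample syslog.conf
*.info;mail.none;local4.none    /var/log/messages
mail.*                          -/var/log/maillog
local4.*                        -/var/log/ldap.log
auth,local4.debug               @loghost.example'

printf '%s\n' "$SAMPLE" | local4_targets -
```

A wildcard selector such as *.info also catches local4 unless the same line excludes it with local4.none, which is why the first sample line is not reported.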

If you need more information than is in the log files from
syslogd, then you have to tune the configuration of OpenLDAP.
Usually the configuration is in the file
/etc/openldap/slapd.conf. The logging information is configured
with the option loglevel. This is a bitmap with eleven bits
today. A loglevel of 63 means that the bits one to five are set.
A good choice is 63 for a first debugging session. You can read
the details in man slapd.conf.