bluephoenix Tux's lil' helper
Joined: 01 Nov 2008 Posts: 94
Posted: Sun Aug 23, 2015 12:06 pm Post subject: I cannot launch openldap [solved]
Dears,
I roughly followed https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP to install and try to enable openldap on my server, but I get the following error message:
Code: |
SLYWE01COLORFUL openldap # service slapd start
Authenticating root.
Password:
* Starting ldap-server ...
* start-stop-daemon: failed to start `/usr/lib64/openldap/slapd' [ !! ]
* ERROR: slapd failed to start
|
My log file has similar output:
Code: |
Aug 23 19:26:45 SLYWE01COLORFUL slapd[1241]: @(#) $OpenLDAP: slapd 2.4.38 (Jul 13 2015 02:49:33) $
@SLYWE01COLORFUL:/var/tmp/portage/net-nds/openldap-2.4.38-r2/work/openldap-2.4.38-abi_x86_64.amd64/servers/slapd
Aug 23 19:26:45 SLYWE01COLORFUL slapd[1244]: DIGEST-MD5 common mech free
Aug 23 19:26:45 SLYWE01COLORFUL /etc/init.d/slapd[1240]: start-stop-daemon: failed to start `/usr/lib64/openldap/slapd'
Aug 23 19:26:45 SLYWE01COLORFUL /etc/init.d/slapd[1223]: ERROR: slapd failed to start
|
My slapd.conf is as follows:
Code: |
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
#loglevel 296
#replogfile /var/log/ldap.log
# Load dynamic backend modules:
# modulepath /usr/lib64/openldap/openldap
# moduleload back_sock.so
# moduleload back_shell.so
# moduleload back_relay.so
# moduleload back_passwd.so
# moduleload back_null.so
# moduleload back_monitor.so
# moduleload back_meta.so
# moduleload back_ldap.so
# moduleload back_dnssrv.so
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
        by self write
        by users read
        by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "dc=uyangwei,dc=cn"
# <kbyte> <min>
checkpoint 32 30
rootdn "cn=Manager,dc=uyangwei,dc=cn"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}fUJUu9xJpIs3CQX2uF3ZgykBV+yZD0ZD
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
|
I passed both of the following verifications:
Code: |
slaptest -v -d 1 -f /etc/openldap/slapd.conf
slaptest -v -d 1 -F /etc/openldap/slapd.d
|
I am using the SELinux arch but only let it work in alert mode; I don't think this impacts the issue.
So what's wrong with my configuration?
Last edited by bluephoenix on Tue Sep 01, 2015 11:46 pm; edited 1 time in total