LDAP won't start properly [solved]

daeghrefn
Tux's lil' helper
Posts: 112
Joined: Sun Jan 02, 2005 1:05 am

Post by daeghrefn » Fri May 20, 2005 3:23 am

Okay, I come home after doing some errands, and it was storming, and we lost power.
I'm not rich, so my linux box doesn't have a UPS, so needless to say it lost power.

So I boot it back up, and during the boot process, I notice this, when ldap tries to start:

Code:

* Starting ldap-server...
Can't open perl script "-e": Permission denied.
Use -S to search $PATH for it.

I thought it might be the init scripts, so I checked them, but nothing's changed. I switched it to verbose mode (from quiet) and did:

Code:

# /etc/init.d/slapd stop
# /etc/init.d/slapd start
* Starting ldap-server...
Starting /usr/lib/openldap/slapd...
Can't open perl script "-e": Permission denied.
Use -S to search $PATH for it.

I tried to re-emerge openldap, but no joy. No configurations have changed, so I have no idea what the problem is.

Currently running openldap-2.1.30-r4

Anyone have any ideas?

I can post applicable config files as necessary.

Thanks in advance.

EDIT: It appears that the /dev/null stuff was messed up from a UDEV upgrade.
Last edited by daeghrefn on Wed Jul 20, 2005 8:52 pm, edited 1 time in total.

converter
Apprentice
Posts: 163
Joined: Tue Dec 24, 2002 11:19 pm

Post by converter » Fri May 20, 2005 10:56 am

This sounds like filesystem corruption to me. Boot from a recovery CD and fsck your partitions.
converter

Post by daeghrefn » Fri May 20, 2005 6:18 pm

Okay, used a live CD and ran:

Code:

livecd # xfs_repair /dev/hda3

and it said it fixed a bunch of stuff. So I rebooted and am still getting the same error.
Tried re-emerging openldap and baselayout again. Not sure what to do at this point.

Since I was using LDAP to authenticate my other linux boxes, I'm kinda SOL until I can get this sucker back online.

Should I take the plunge and emerge -e world?

I've looked at the permissions for /etc/init.d/ and /etc/conf.d/ and /usr/lib/openldap/ and they all look good.

So I'm still not sure what's going on at this time.

Any more thoughts?

Post by converter » Sat May 21, 2005 1:03 am

Silly question: have you searched your disk for a file named -e? If there is one, what are the perms?

edit

Code:

$ ls -l -- -e
-rw-------  1 root root 15 May 20 20:03 -e
$ perl ./-e
Can't open perl script "./-e": Permission denied.
Use -S to search $PATH for it.
$ perl -- -e
Can't open perl script "-e": Permission denied.
Use -S to search $PATH for it.

converter

Post by converter » Sat May 21, 2005 12:41 pm

What's the output of:

Code:

ls -l /dev/null

If I remember correctly, screwed up mode/permissions on /dev/null can cause this error.
converter

Post by daeghrefn » Sat May 21, 2005 7:34 pm

Okay, not sure if I am that familiar with how to search for a file. I tried the examples you had in there, but didn't find anything.

I checked /dev/null and it is:

Code:

# ls -l /dev/null
crw-rw----  1 root root 1, 3 Jan  4 20:29 /dev/null

I did:

Code:

ls -l -- -e

as you suggested and came up with nothing.

When I tried the perl commands, it came up "file not found", but when I tried /etc/init.d/slapd start, I still get permission denied.

Last night I took the plunge and did:

Code:

emerge -e world

But after etc-update and rebooting, nothing changed.

Post by converter » Mon May 23, 2005 9:42 am

daeghrefn wrote: I checked /dev/null and it is:

Code:

# ls -l /dev/null
crw-rw----  1 root root 1, 3 Jan  4 20:29 /dev/null

That's the problem. Regular users have to be able to read from and write to /dev/null. It's been a couple years since I actually read the code, but when perl is processing code passed on the command line along with the -e switch, it has to read from or write to /dev/null and if the permissions are wrong, you get the error.

This should fix the immediate problem:

Code:

# chmod o+rw /dev/null

The big question is: what caused the change to /dev/null's permissions and has it affected other files? This is something you should look into.
converter
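
A check for the question raised in the post above (what else changed besides /dev/null), as an added example that is not part of the original thread: it compares well-known device nodes against their type, major/minor number and mode. The node list and expected values are assumptions based on standard Linux conventions, and GNU stat with -c is assumed.

```shell
#!/bin/sh
# Added example: audit device nodes that unprivileged users must reach.
# Assumes GNU coreutils stat; the node list is standard Linux convention.

# Compare observed attributes with expected ones; print a verdict.
# Args: type mode major minor want_mode want_major want_minor
classify_node() {
    if [ "$1" != "character special file" ]; then
        echo "not a character device ($1)"; return 1
    elif [ "$3:$4" != "$6:$7" ]; then
        echo "device number $3,$4, expected $6,$7"; return 1
    elif [ "$2" != "$5" ]; then
        echo "mode $2, expected $5"; return 1
    fi
    echo "ok"
}

# Stat one path (stat prints major/minor in hex) and classify it.
check_node() {
    path=$1
    [ -e "$path" ] || { echo "missing"; return 1; }
    major=$(printf '%d' "0x$(stat -c '%t' "$path")")
    minor=$(printf '%d' "0x$(stat -c '%T' "$path")")
    classify_node "$(stat -c '%F' "$path")" "$(stat -c '%a' "$path")" \
        "$major" "$minor" "$2" "$3" "$4"
}

# path mode major minor (assumed expected values, not taken from the thread)
NODES='/dev/null 666 1 3
/dev/zero 666 1 5
/dev/full 666 1 7
/dev/random 666 1 8
/dev/urandom 666 1 9
/dev/tty 666 5 0'

# Print one line per node; the return value is the number of bad nodes.
audit_nodes() {
    bad=0
    while read -r path mode major minor; do
        verdict=$(check_node "$path" "$mode" "$major" "$minor") || bad=$((bad + 1))
        printf '%-13s %s\n' "$path" "$verdict"
    done <<EOF
$NODES
EOF
    return "$bad"
}

audit_nodes || echo "$? device node(s) differ from the expected state"
```

A /dev/null that shows up as a regular file rather than a character device is reported separately from a wrong mode, since chmod alone does not repair that case.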

Post by daeghrefn » Thu May 26, 2005 11:35 am

Well, I made the permissions changes to /dev/null and the perl error went away... but LDAP still isn't starting properly.
The startup scripts are not returning an error, but an ldapsearch won't connect to the ldap server, and authentication is still down.

Both my co-workers are on leave this week, so work has been too busy to do much with it, but I will attempt to post the results of

Code:

$ ldapsearch -d 255

when I get the chance. Thanks for the advice.

I too wonder why things have changed. I would like to log LDAP, but I haven't been able to figure out how to get metalog to do that yet. Again, no time right now.

Sheesh. Thanks anyways :)

Post by daeghrefn » Sat May 28, 2005 6:59 pm

Okay,

so now LDAP starts up without any errors. But when I do a simple:

Code:

# ldapsearch

which usually displays the contents of the directory, I get an error 81, cannot bind to LDAP server.

When I add a -d 255 to the ldapsearch, essentially what it tells me is that the server didn't start, and that ldapsearch can't connect.

Code:

# ldapsearch -d 255
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP master.dravidia.net:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.1.10:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_nedelay_off: 3
TLS trace: SSL_connect:before/connect initialization
tls_write: want=148, written=148
  0000:  80 92 01 03 01 00 69 00  00 00 20 00 00 39 00 00   ......i... ..9..
  0010:  38 00 00 35 00 00 16 00  00 13 00 00 0a 07 00 c0   8..5............
  0020:  00 00 33 00 00 32 00 00  2f 00 00 07 05 00 80 03   ..3..2../.......
  0030:  00 80 00 00 66 00 00 05  00 00 04 01 00 80 08 00   ....f...........
  0040:  80 00 00 63 00 00 62 00  00 61 00 00 15 00 00 12   ...c..b..a......
  0050:  00 00 09 06 00 40 00 00  65 00 00 64 00 00 60 00   .....@..e..d..`.
  0060:  00 14 00 00 11 00 00 08  00 00 06 04 00 80 00 00   ................
  0070:  03 02 00 80 dc de 93 35  3f 1c 42 ea ee 53 9c 29   .......5?.B..S.)
  0080:  9f 10 56 ff fc 12 94 5f  4f 08 c1 3b de 8e 45 3b   ..V...._O..;..E;
  0090:  49 fe 88 13                                        I...
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=0

TLS: can't connecf.
ldap_perror
ldap_bind: Can't contact LDAP server (81)

That's the error. And I haven't changed anything at all since the beginning, so I'm reasonably sure it's not my config files. However, if necessary I can post them.

Thanks.

frugalmail
n00b
Posts: 1
Joined: Sun Jun 05, 2005 8:57 pm

Post by frugalmail » Sun Jun 05, 2005 9:07 pm

Forgive me for jumping on your thread, but I'm having the same problem. Perhaps we can help each other out.

Changing the permissions on /dev/null did fix the first problem. I'd imagine that the security repercussions of exposing /dev/null are negligible, anybody have comments otherwise?

Now I also can not connect to the ldap server. Although one thing that hasn't been mentioned by the OP'er is the contents of /var/log/messages:

Code:

slapd[31275]: daemon: socket() failed errno=97 (Address family not supported by protocol)
slapd[31275]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)                                          [ ok ]
slapd[31275]: bdb_db_init: Initializing BDB database
Jslapd[31282]: slapd starting

Am I missing something that should have installed?

lkarayan
n00b
Posts: 14
Joined: Mon Mar 28, 2005 7:57 pm

Post by lkarayan » Sun Jun 05, 2005 9:16 pm

slapd is trying to start under ip6, edit /etc/conf.d/slapd and add "-4" to OPTS.

BinarySeed
n00b
Posts: 4
Joined: Thu May 19, 2005 5:43 pm

Post by BinarySeed » Tue Jun 07, 2005 11:14 pm

lkarayan, where do you add the -4?

Both of these didn't seem to fix my permissions issue.

OPTS="-h -4 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock' -4"

log # /etc/init.d/slapd restart
* Stopping ldap-server... [ ok ]
* Starting ldap-server...
Can't open perl script "-e": Permission denied.
Use -S to search $PATH for it. [ ok ]

Any ideas?

Post by converter » Wed Jun 08, 2005 2:12 am

BinarySeed wrote: log # /etc/init.d/slapd restart
* Stopping ldap-server... [ ok ]
* Starting ldap-server...
Can't open perl script "-e": Permission denied.
Use -S to search $PATH for it. [ ok ]

Any ideas?

The first thing you need to do is to fix the mode on /dev/null. Non-privileged users must be able to read from and write to /dev/null or many things will not work right.
converter

Post by BinarySeed » Wed Jun 08, 2005 3:29 pm

converter, I have run the following to change permissions to /dev/null. When starting the script I still have the same issues come up. I've looked online and it's not the easiest thing to find results for ;(

(chmod o+rw /dev/null)

Post by daeghrefn » Wed Jul 20, 2005 8:51 pm

It looks like my original problem was related to an upgrade to UDEV, and it hosed the permissions on /dev/null.

I also ran an update on the DB files, but I'm not sure if that had anything to do with it or not.