Failed to start OpenLDAP Server Daemon


Hi,
I did the following:

yum install openldap* migrationtools* -y

This installed successfully.

But when I start it:

systemctl start slapd

I see this error:
systemctl start slapd
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.

systemctl status slapd.service

● slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2019-09-30 23:51:33 +06; 25s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 21644 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 21614 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)

How can I solve this problem?
Thanks

Responses

Hi Ashraful,

From your short explanation, the following can be concluded:

a) ExecStartPre script completed successfully (error code 0).

b) ExecStart failed (error code 1).

Options:

a) Did you check the OpenLDAP logs?

b) Could you try to run this manually (replace variables SLAPD_URLS and SLAPD_OPTIONS with their real values):

/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS

c) What is the outcome of:

journalctl -xe

d) Are you using SELinux?

Regards,

Dusan Baljevic (amateur radio VK2COT)

Hi, I have the same issue. For example, when I install it, I get the following error:

#systemctl status slapd.service
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-11-13 03:37:09 CST; 7min ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 104932 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
  Process: 104900 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)

Nov 13 03:37:09 ServerG runuser[104925]: pam_unix(runuser:session): session c...p
Nov 13 03:37:09 ServerG runuser[104927]: pam_unix(runuser:session): session o...)
Nov 13 03:37:09 ServerG runuser[104927]: pam_unix(runuser:session): session c...p
Nov 13 03:37:09 ServerG runuser[104929]: pam_unix(runuser:session): session o...)
Nov 13 03:37:09 ServerG runuser[104929]: pam_unix(runuser:session): session c...p
Nov 13 03:37:09 ServerG slapd[104932]: @(#) $OpenLDAP: slapd 2.4.44 (Dec 18 ... $
                                                                   mockbuild@x86-017.build.eng.b...pd
Nov 13 03:37:09 ServerG systemd[1]: slapd.service: control process exited, c...=1
Nov 13 03:37:09 ServerG systemd[1]: Failed to start OpenLDAP Server Daemon.
Nov 13 03:37:09 ServerG systemd[1]: Unit slapd.service entered failed state.
Nov 13 03:37:09 ServerG systemd[1]: slapd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

I have searched a lot and tried 100 things; none helped.
When I try to run it manually I get the following error at the very end. Do you think it says that I don't have SSL configured?

TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5dcbcf86 main: TLS init def ctx failed: -1
5dcbcf86 slapd destroy: freeing system resources.
5dcbcf86 slapd stopped.
5dcbcf86 connections_destroy: nothing to destroy.

Solved: It seems that the server will not write a PIDfile to /var/run/openldap/slapd.pid if the directory is not populated with a Manager.

Also: Several of the issues listed in this thread have solutions related to slapd.ldif which is used to populate the initial contents of the directory. A template file for it is found in /usr/share/openldap-servers/. One line in slapd.ldif reads olcTLSCertificateFile: "OpenLDAP Server", as in the previous post of this thread.

Admins need to RTFM, particularly item #8

== Starting with systemctl start slapd

-- Unit slapd.service has begun starting up.
May 22 19:44:29 devops runuser[4020]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
May 22 19:44:29 devops runuser[4020]: pam_unix(runuser:session): session closed for user ldap
May 22 19:44:29 devops slapcat[4024]: DIGEST-MD5 common mech free
May 22 19:44:29 devops slapd[4032]: @(#) $OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) $
                                            mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
May 22 19:44:29 devops systemd[1]: Can't open PID file /var/run/openldap/slapd.pid (yet?) after start: No such file or directory
May 22 19:45:59 devops systemd[1]: slapd.service start operation timed out. Terminating.
May 22 19:45:59 devops slapd[4033]: DIGEST-MD5 common mech free
May 22 19:45:59 devops systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slapd.service has failed.
-- 
-- The result is failed.
May 22 19:45:59 devops systemd[1]: Unit slapd.service entered failed state.
May 22 19:45:59 devops systemd[1]: slapd.service failed.

OR

/etc/openldap/slapd.d$ slapd -h "ldap:///" -u ldap -g ldap -F /etc/openldap/slapd.d -f /etc/openldap/slapd.conf -d 256
5ec86603 @(#) $OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) $
    mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
5ec86603 slapd starting
^C5ec86670 daemon: shutdown requested and initiated.  (waited a few minutes, then ^C)
5ec86670 slapd shutdown: waiting for 0 operations/tasks to finish
5ec86670 slapd stopped.
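
An added example, not written by any poster in this thread: a shell function that reads a slapd configuration LDIF and flags olcTLS* file settings that are not absolute paths, do not exist, or cannot be read by the invoking account, which are the conditions to rule out when slapd logs "could not use certificate" and "fopen:Permission denied" as above. The function names, the sample LDIF and the temporary files are constructed for illustration.

```shell
# check_tls_attrs LDIF_FILE
# Prints "STATUS<TAB>attribute<TAB>value" for each TLS file attribute and
# returns 0 only if every value is OK. Readability is tested for the account
# running the script, so run it as the account slapd uses ("-u ldap").
check_tls_attrs() {
    ldif=$1
    rc=0
    while IFS= read -r line; do
        case $line in
            olcTLSCertificateFile:*|olcTLSCertificateKeyFile:*|olcTLSCACertificateFile:*) ;;
            *) continue ;;
        esac
        attr=${line%%:*}
        value=${line#*:}
        value=${value# }                       # drop the space after "attr:"
        value=${value#\"}; value=${value%\"}   # drop surrounding quotes
        case $value in
            /*) if [ ! -e "$value" ]; then status=MISSING
                elif [ ! -r "$value" ]; then status=UNREADABLE
                else status=OK; fi ;;
            *)  status=NOT_A_PATH ;;           # e.g. a nickname, not a PEM file path
        esac
        [ "$status" = OK ] || rc=1
        printf '%s\t%s\t%s\n' "$status" "$attr" "$value"
    done < "$ldif"
    return $rc
}

# Constructed sample: the nickname value quoted in the thread, a key path
# that does not exist, and a CA file that does.
make_sample() {
    dir=$(mktemp -d)
    : > "$dir/ca.pem"
    cat > "$dir/config.ldif" <<EOF
dn: cn=config
objectClass: olcGlobal
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: $dir/missing.key
olcTLSCACertificateFile: $dir/ca.pem
EOF
    printf '%s\n' "$dir/config.ldif"
}

sample=$(make_sample)
check_tls_attrs "$sample" || echo "TLS file settings need attention"
```

On a real host, point the function at the LDIF that holds the global TLS settings under /etc/openldap/slapd.d instead of the sample. Folded or base64-encoded LDIF values are not handled.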