Solved Openldap fails to start on boot

Hi!

Recently I've upgraded a FreeBSD server from v. 9.3 to v. 11.0 (through 10.3 because it "cowardly" refused to continue).
The system was using the old pkg_ so I deinstalled all ports and after the final update I freshly installed all of them.
I am using OpenLDAP on this system - net/openldap24-server and the corresponding client. After the installation I found that the OpenLDAP server refuses to start on boot. When I try to start it via /usr/local/etc/rc.d/slapd start it starts and works. After better debugging I found the following messages generated during boot:
Code:
Nov  2 12:00:02 mail kernel: Starting slapd.
Nov  2 12:00:02 mail kernel: ldap_url_parse_ext(ldap://localhost/)
Nov  2 12:00:02 mail kernel: ldap_init: trying /usr/local/etc/openldap/ldap.conf
Nov  2 12:00:02 mail kernel: ldap_init: using /usr/local/etc/openldap/ldap.conf
Nov  2 12:00:02 mail kernel: ldap_init: HOME env is /
Nov  2 12:00:02 mail kernel: ldap_init: trying //ldaprc
Nov  2 12:00:02 mail kernel: ldap_init: trying //.ldaprc
Nov  2 12:00:02 mail kernel: ldap_init: trying ldaprc
Nov  2 12:00:02 mail kernel: ldap_init: LDAPCONF env is NULL
Nov  2 12:00:02 mail kernel: ldap_init: LDAPRC env is NULL
Nov  2 12:00:02 mail kernel: 5819d53e @(#) $OpenLDAP: slapd 2.4.44 (Nov  1 2016 22:26:21) $
Nov  2 12:00:02 mail kernel: ivo@mail.lovech.government.bg:/usr/ports/net/openldap24-server/work/openldap-2.4.44/servers/slapd
Nov  2 12:00:02 mail kernel: ldap_pvt_gethostbyname_a: host=, r=-1
Nov  2 12:00:02 mail kernel: 5819d53e daemon_init: ldap://0.0.0.0
Nov  2 12:00:02 mail kernel: 5819d53e daemon_init: listen on ldap://0.0.0.0
Nov  2 12:00:02 mail kernel: 5819d53e daemon_init: 1 listeners to open...
Nov  2 12:00:02 mail kernel: ldap_url_parse_ext(ldap://0.0.0.0)
Nov  2 12:00:02 mail kernel: 5819d53e daemon: bind(5) failed errno=49 (Can't assign requested address)
Nov  2 12:00:02 mail kernel: 5819d53e slap_open_listener: failed on ldap://0.0.0.0
Nov  2 12:00:02 mail kernel: 5819d53e slapd stopped.
Nov  2 12:00:02 mail kernel: 5819d53e connections_destroy: nothing to destroy.
Nov  2 12:00:02 mail kernel: /etc/rc: WARNING: failed to start slapd
Nov  2 12:00:02 mail kernel: Setting hostname: mail.example.com.

In fact I usually start slapd with the following in /etc/rc.conf:
Code:
slapd_enable="YES"
slapd_flags="-h ldap://127.0.0.1"

As you probably see, neither the -4 option nor binding to any IP helped.

This is not the only system with FreeBSD 11 and net/openldap24-server I am running. All other systems run without problems even with the same port version.

Considering that during the update some outdated files might be remaining, I did a checkup with freebsd-update IDS. The only strange difference was /var/db/services.db. I regenerated it using services_mkdb and then it passed the IDS check.

Is the OpenLDAP server trying to start too early? And what could cause this?

Thanks in advance!
 
The thing to watch out for is slapd.conf vs. OLC (cn=config). By default OpenLDAP on FreeBSD uses slapd.conf, this might be a plain standard config that was installed with the package. If you're using OLC you'll need to add this to rc.conf:
Code:
slapd_cn_config="YES"
 
Thank you!
I've omitted to mention that I'm using slapd.conf.
slapd starts from the command line without any notices but fails to start during boot.
 
Are you perhaps running it in a jail? Your slapd_flags is set to bind to 127.0.0.1 but in the log output it tries to bind to 0.0.0.0. A jail doesn't have a lo0 interface and therefore no 127.0.0.1.
 
Sorry, I've pasted the wrong part of the log. Before posting this thread I've tested if the issue is related to a certain IP address/interface. It's not in a jail.
 
The default slapd_flags should be fine, no need to set them. It will run on a file socket in /var/run/openldap/ldapi and will try to bind to all IP addresses (0.0.0.0).

If you still get the feeling it's trying to start before the network is up you can try editing /usr/local/etc/rc.d/slapd. Find the line at the top:
Code:
# REQUIRE: FILESYSTEMS ldconfig
And change it to:
Code:
# REQUIRE: FILESYSTEMS ldconfig NETWORKING
That should tell the rcorder(8) system to start it after it has finished setting up the network.
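
The check described above, as an added example that is not part of the original post: a POSIX sh sketch that reads the `# REQUIRE:` lines of an rc.d script and a boot log, and reports whether a listener bind failure coincides with a missing NETWORKING dependency. The function names, temporary file names and sample file contents are assumptions constructed for illustration; the REQUIRE line and the log message are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose the start-order failure.

# Print each dependency named on the "# REQUIRE:" lines, one per line.
# rcorder(8) accepts several REQUIRE lines, so all of them are collected.
rc_requires() {
    awk '/^# REQUIRE:/ { sub(/^# REQUIRE:/, ""); for (i = 1; i <= NF; i++) print $i }' "$1"
}

# Succeed if the script is already ordered after NETWORKING.
waits_for_network() {
    rc_requires "$1" | grep -qx 'NETWORKING'
}

# Succeed if the log shows a listener bind failing with errno 49
# (EADDRNOTAVAIL on FreeBSD, "Can't assign requested address").
bind_unavailable() {
    grep -Eq 'daemon: bind\([0-9]+\) failed errno=49 ' "$1"
}

# diagnose RC_SCRIPT LOGFILE -> prints one verdict word
diagnose() {
    if bind_unavailable "$2" && ! waits_for_network "$1"; then
        echo "start-order"          # bind failed and nothing orders slapd after the network
    elif bind_unavailable "$2"; then
        echo "bind-failure-other"   # already ordered after NETWORKING: look elsewhere
    else
        echo "no-bind-failure"
    fi
}

# Constructed sample input: a minimal rc.d header and two boot-log lines.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#!/bin/sh' '# REQUIRE: FILESYSTEMS ldconfig' > "$tmp/slapd.before"
sed 's/^# REQUIRE: .*/& NETWORKING/' "$tmp/slapd.before" > "$tmp/slapd.after"
printf '%s\n' \
    "Nov  2 12:00:02 mail kernel: Starting slapd." \
    "Nov  2 12:00:02 mail kernel: 5819d53e daemon: bind(5) failed errno=49 (Can't assign requested address)" \
    > "$tmp/boot.log"

diagnose "$tmp/slapd.before" "$tmp/boot.log"
diagnose "$tmp/slapd.after" "$tmp/boot.log"
```

A package or port upgrade reinstalls /usr/local/etc/rc.d/slapd and drops a local edit to the REQUIRE line, so the same check is worth re-running against the real script after each upgrade.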
 
Thank you very much!

Changing the # REQUIRE line solved the problem!

Before posting here I've tried all reasonable combinations for slapd_flags - no flags, default shown in /usr/local/etc/rc.d/slapd and some other - with no luck.
I still wonder why some of my other servers with very similar configuration start slapd without issues like this.
Having the solution anyway I can happily continue my upgrades :)
 
This was crazy useful for me. I think it has to do with cloud-based virtual machines (or really any machine) that configure networking either via DHCP or via daemons that run on the OS. Networking is therefore configured at some later time and a lot of software doesn't check for this.
 
Thank you very much!

This also solved my problem. I'm just wondering and want to dig into more details about what could have happened. Before, it was working properly and ran smoothly after the system booted up, but then problems occurred after I decided to upgrade the server to a higher version.

Thanks again!
 
Hello everyone,
I hope I can find someone to assist me with my LDAP issue!

I have installed the server as mentioned in the FreeBSD Handbook documentation, step by step...
All the steps are executed perfectly as mentioned and the server runs with the command
Code:
/usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d/
without any issue or errors as shown in the debug.log

Aug 15 09:08:33 test slapd[72968]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 09:08:33 test slapd[72969]: slapd starting

but it is failing on boot or even when trying to call

service slapd start

with the following error

Aug 15 09:11:36 test slapd[73031]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 09:11:36 test slapd[73031]: main: TLS init def ctx failed: -1
Aug 15 09:11:36 test slapd[73031]: slapd stopped.
Aug 15 09:11:36 test slapd[73031]: connections_destroy: nothing to destroy.


Note that I have the following lines added to the rc.conf file

slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
slapd_cn_config="YES"


and the config directory as mentioned in the documentation
mkdir /usr/local/etc/openldap/slapd.d/

I think the issue is that we should point that folder to the boot file... please advise

Note that all TLS files are self-signed and are correct as per the check made
openssl verify -verbose -CApath . server.crt

I have tried the above-mentioned tip
# REQUIRE: FILESYSTEMS ldconfig NETWORKING
without any luck...
Please feel free to ask for more details if required...

I appreciate your cooperation
Best regards
Cheers
 
Start a new thread please.