Solved: LDAP fails to start at boot whereas it starts manually successfully => following the FreeBSD handbook step by step

Hello everyone,
I hope I can find someone to assist me with my LDAP issue!

I have installed the server as described in the FreeBSD Handbook, step by step...
All the steps are executed perfectly as described, and the server runs with the command
/usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d/
without any issues or errors, as shown in debug.log

Aug 15 09:08:33 test slapd[72968]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 09:08:33 test slapd[72969]: slapd starting

but it fails on boot, or even when trying to call

service slapd start

with the following error:

Aug 15 09:11:36 test slapd[73031]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 09:11:36 test slapd[73031]: main: TLS init def ctx failed: -1
Aug 15 09:11:36 test slapd[73031]: slapd stopped.
Aug 15 09:11:36 test slapd[73031]: connections_destroy: nothing to destroy.


Note that I have added the following lines to the rc.conf file

slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
slapd_cn_config="YES"


and the config directory as mentioned in the documentation
mkdir /usr/local/etc/openldap/slapd.d/

I think the issue is that we should point that folder to the boot file... please advise

Note that all TLS files are self-signed and are correct as per the check made with
openssl verify -verbose -CApath . server.crt

without any luck...
please feel free to ask for more details if required...

I appreciate your cooperation
Best regards
Cheers
 
The permissions are set as follows


lrwxr-xr-x 1 root ldap 6 Aug 14 23:19 378179f8.0@ -> ca.crt
lrwxr-xr-x 1 root ldap 10 Aug 14 23:19 378179f8.1@ -> client.crt
lrwxr-xr-x 1 root ldap 10 Aug 14 23:19 6c30d854.0@ -> server.crt
-rw-r--r-- 1 root ldap 1318 Aug 14 23:17 ca.crt
-rw-r--r-- 1 root ldap 41 Aug 14 23:18 ca.srl
-rw-r--r-- 1 root ldap 1196 Aug 14 23:18 client.crt
drwxr-xr-x 2 root ldap 512 Aug 14 23:18 private/
-rw-r--r-- 1 root ldap 1212 Aug 14 23:18 server.crt


Thanks for your reply
 
How is slapd configured with regard to the certificate?
If it starts with the root account but not with the slapd user, it's probably a permissions problem. What are the perms of the cert folder?
 
Running the command *as* your slapd user could also verify permissions.

I checked the "ldap" user and I got
This account is currently not available.

whereas it is listed

root@test:/usr/local/etc/openldapCertificates # cat /etc/passwd | cut -d: -f1 | grep -v \#
root
toor
daemon
operator
bin
tty
kmem
games
news
man
sshd
smmsp
mailnull
bind
unbound
proxy
_pflogd
_dhcp
uucp
pop
auditdistd
www
ntpd
_ypldap
hast
nobody
eswglobal
cyrus
mysql
_ntp
postfix
ldap
 
After setting the certificate folder permissions to ldap:ldap, the issue is solved

drwxr-xr-x 3 ldap ldap 512 Aug 14 23:19 openldapCertificates/


root@test:/usr/local/etc # service slapd stop
slapd not running? (check /var/run/openldap/slapd.pid).
root@test:/usr/local/etc # service slapd start
Performing sanity check on slap configuration: OK
Starting slapd.


debug.log


Aug 15 11:37:13 test slapd[74664]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 11:37:13 test slapd[74665]: slapd starting



Thanks for the support
 
It looks like the server is starting, but effectively nothing is working


root@test:~ # sockstat -4 -p 389
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root@test:~ #
 
Are you sure your ldap server listens on 389 and not 636? What does this return:
ps axuw | grep slapd
Also, check /var/log/debug.log for errors.
 
Yes, it is set to port 389

root@test:~ # service slapd stop
slapd not running? (check /var/run/openldap/slapd.pid).
root@test:~ # service slapd status
slapd is not running.
root@test:~ # /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d/
root@test:~ # service slapd status
slapd is running as pid 5545.
root@test:~ # sockstat -4 -p 389
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root slapd 5545 7 tcp4 *:389 *:*
root@test:~ # service slapd status
slapd is running as pid 5545.
root@test:~ # service slapd stop
Stopping slapd.
root@test:~ # service slapd start
Performing sanity check on slap configuration: OK
Starting slapd.
root@test:~ # service slapd status
slapd is running as pid 5601.
root@test:~ # sockstat -4 -p 389
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root@test:~ #


debug.log

Aug 15 07:57:26 test slapd[3674]: slapd starting
Aug 15 07:58:02 test slapd[3674]: conn=1000 fd=9 ACCEPT from IP=127.0.0.1:36490 (IP=0.0.0.0:389)
Aug 15 07:58:02 test slapd[3674]: conn=1000 op=0 BIND dn="cn=mdbadmin,dc=eswdistplus,dc=com" method=128
Aug 15 07:58:02 test slapd[3674]: conn=1000 op=0 RESULT tag=97 err=49 text=
Aug 15 07:58:02 test slapd[3674]: conn=1000 op=1 UNBIND
Aug 15 07:58:02 test slapd[3674]: conn=1000 fd=9 closed
Aug 15 07:58:06 test slapd[3674]: conn=1001 fd=9 ACCEPT from IP=127.0.0.1:36491 (IP=0.0.0.0:389)
Aug 15 07:58:06 test slapd[3674]: conn=1001 op=0 BIND dn="cn=mdbadmin,dc=eswdistplus,dc=com" method=128
Aug 15 07:58:06 test slapd[3674]: conn=1001 op=0 RESULT tag=97 err=49 text=
Aug 15 07:58:06 test slapd[3674]: conn=1001 op=1 UNBIND
Aug 15 07:58:06 test slapd[3674]: conn=1001 fd=9 closed
Aug 15 07:58:49 test slapd[3674]: conn=1002 fd=9 ACCEPT from IP=127.0.0.1:36493 (IP=0.0.0.0:389)
Aug 15 07:58:49 test slapd[3674]: conn=1002 op=0 BIND dn="cn=mdbadmin,dc=eswdistplus,dc=com" method=128
Aug 15 07:58:49 test slapd[3674]: conn=1002 op=0 RESULT tag=97 err=49 text=
Aug 15 07:58:49 test slapd[3674]: conn=1002 op=1 UNBIND
Aug 15 07:58:49 test slapd[3674]: conn=1002 fd=9 closed
Aug 15 07:58:58 test slapd[3674]: conn=1003 fd=9 ACCEPT from IP=127.0.0.1:36495 (IP=0.0.0.0:389)
Aug 15 07:58:58 test slapd[3674]: conn=1003 op=0 BIND dn="cn=mdbadmin,dc=eswdistplus,dc=com" method=128
Aug 15 07:58:58 test slapd[3674]: conn=1003 op=0 RESULT tag=97 err=49 text=
Aug 15 07:58:58 test slapd[3674]: conn=1003 op=1 UNBIND
Aug 15 07:58:58 test slapd[3674]: conn=1003 fd=9 closed
Aug 15 10:14:00 test slapd[3674]: daemon: shutdown requested and initiated.
Aug 15 10:14:00 test slapd[3674]: slapd shutdown: waiting for 0 operations/tasks to finish
Aug 15 10:14:00 test slapd[3674]: slapd stopped.
Aug 15 10:15:23 test slapd[5544]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 10:15:23 test slapd[5545]: slapd starting
Aug 15 10:16:09 test slapd[5545]: daemon: shutdown requested and initiated.
Aug 15 10:16:09 test slapd[5545]: slapd shutdown: waiting for 0 operations/tasks to finish
Aug 15 10:16:09 test slapd[5545]: slapd stopped.
Aug 15 10:16:12 test slapd[5600]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 10:16:12 test slapd[5601]: slapd starting


Kindly find the commands executed above and their debug logs.


root@test:~ # ps axuw | grep slapd
root 2437 0.0 0.7 1076400 11420 - Is 07:06 0:00.00 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/\nldap://0.0.0.0/
root 2668 0.0 0.7 1076396 11416 - Is 07:14 0:00.00 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/\nldap://0.0.0.0/
root 2740 0.0 0.7 1076396 11416 - Is 07:17 0:00.00 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/\nldap://0.0.0.0/
root 2778 0.0 0.7 1076396 11416 - Is 07:17 0:00.00 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/\nldap://0.0.0.0/
ldap 5601 0.0 0.7 1076360 11388 - Is 10:16 0:00.01 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/\nldap://0.0.0.0/ -u l
root 5665 0.0 0.0 524 336 0 R+ 10:19 0:00.00 grep slapd
root@test:~ #



Thanks!
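The debug.log excerpt above shows the two things a defender wants to pull out of slapd's syslog output: a fatal startup message (main: TLS init def ctx failed) and repeated BindResponses with err=49 (invalidCredentials) for the same DN. The following parser is an added example, not code from the thread or from OpenLDAP; the log lines it feeds itself are constructed to mirror the formats quoted here, with a made-up DN and pids.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the slapd debug.log excerpts in this thread.
# DN, pids and timestamps are made up; the message formats are slapd's own.
SAMPLE_LOG = """\
Aug 15 09:11:36 test slapd[73031]: main: TLS init def ctx failed: -1
Aug 15 09:11:36 test slapd[73031]: slapd stopped.
Aug 15 09:20:00 test slapd[3674]: slapd starting
Aug 15 09:21:02 test slapd[3674]: conn=1000 fd=9 ACCEPT from IP=127.0.0.1:36490 (IP=0.0.0.0:389)
Aug 15 09:21:02 test slapd[3674]: conn=1000 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Aug 15 09:21:02 test slapd[3674]: conn=1000 op=0 RESULT tag=97 err=49 text=
Aug 15 09:21:02 test slapd[3674]: conn=1000 op=1 UNBIND
Aug 15 09:21:06 test slapd[3674]: conn=1001 fd=9 ACCEPT from IP=127.0.0.1:36491 (IP=0.0.0.0:389)
Aug 15 09:21:06 test slapd[3674]: conn=1001 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Aug 15 09:21:06 test slapd[3674]: conn=1001 op=0 RESULT tag=97 err=49 text=
Aug 15 09:21:30 test slapd[3674]: conn=1002 fd=9 ACCEPT from IP=10.0.0.5:41000 (IP=0.0.0.0:389)
Aug 15 09:21:30 test slapd[3674]: conn=1002 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Aug 15 09:21:30 test slapd[3674]: conn=1002 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
# tag=97 is the LDAP BindResponse; err=49 is invalidCredentials.
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
# Fatal initialisation messages come from slapd's main(), e.g. the TLS context failure.
STARTUP_RE = re.compile(r"slapd\[\d+\]: main: (.*failed.*)")

def analyse(log_text):
    """Return (startup_errors, failed_binds).

    startup_errors: list of 'main: ... failed' messages, in order seen.
    failed_binds:   Counter of err=49 BindResponses keyed by (bind DN, client IP).
    """
    conn_ip = {}      # conn id -> client IP, learned from the ACCEPT line
    bind_dn = {}      # (conn id, op id) -> DN, learned from the BIND line
    startup_errors, failed_binds = [], Counter()
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            conn_ip[m[1]] = m[2]
        elif m := BIND_RE.search(line):
            bind_dn[(m[1], m[2])] = m[3]
        elif m := RESULT_RE.search(line):
            if m[3] == "49":   # correlate the result back to its BIND and ACCEPT
                dn = bind_dn.get((m[1], m[2]), "?")
                failed_binds[(dn, conn_ip.get(m[1], "?"))] += 1
        elif m := STARTUP_RE.search(line):
            startup_errors.append(m[1])
    return startup_errors, failed_binds

if __name__ == "__main__":
    errors, failed = analyse(SAMPLE_LOG)
    print("startup errors:", errors)
    for (dn, ip), n in failed.items():
        print(f"{n} failed bind(s) as {dn} from {ip}")
```

Run it against a real /var/log/debug.log by reading the file into analyse() instead of SAMPLE_LOG; a high count for one (DN, IP) pair is the signal to look at, while the startup error list tells you at a glance whether a boot-time start actually came up.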
 

root@test:/usr/local/etc/openldap # ll /var/db/openldap-data
total 20
-rw------- 1 ldap ldap 12288 Aug 11 19:12 data.mdb
-rw------- 1 ldap ldap 8192 Aug 15 10:48 lock.mdb
root@test:/usr/local/etc/openldap #


It is... there is something wrong within the documentation... there are missing steps, I guess
 

root@test:/usr/local/etc/openldap # ll /var/db
total 5976
---------- 1 root wheel 7710 Aug 15 10:51 dhclient.leases.vtnet0
drwx------ 2 operator operator 512 Aug 15 11:00 entropy/
drwxr-xr-x 3 root wheel 512 Nov 1 2019 etcupdate/
drwxr-xr-x 2 root wheel 512 Aug 10 16:01 fontconfig/
drwx------ 4 root wheel 1024 Aug 15 03:41 freebsd-update/
drwx------ 2 root wheel 512 Nov 1 2019 hyperv/
drwx------ 2 root wheel 512 Nov 1 2019 ipf/
-r--r--r-- 1 nobody wheel 3794448 Aug 15 04:19 locate.database
-rw------- 1 root wheel 29165 Nov 1 2019 mergemaster.mtree
drwxr-xr-x 11 mysql mysql 1024 Aug 15 06:51 mysql/
drwxr-x--- 2 mysql mysql 512 Jul 29 12:13 mysql_secure/
drwxr-x--- 2 mysql mysql 512 Aug 15 06:50 mysql_tmpdir/
drwxr-xr-x 2 ntpd ntpd 512 Aug 15 10:52 ntp/
-rw-r--r-- 1 root wheel 10665 Apr 24 00:15 ntpd.leap-seconds.list
drwx------ 2 ldap ldap 512 Aug 15 10:54 openldap-data/
drwxr-xr-x 2 root wheel 512 Aug 15 07:39 pkg/
drwxr-xr-x 40 root wheel 1024 Aug 11 05:40 ports/
drwxr-xr-x 3 root wheel 512 Aug 11 05:40 portsnap/
drwx------ 2 postfix wheel 512 Aug 11 05:47 postfix/
-rw-r--r-- 1 root wheel 2097920 Nov 1 2019 services.db
drwx--x--x 3 root wheel 512 Oct 24 2019 sudo/
drwxr-xr-x 3 root wheel 512 Nov 1 2019 zfsd/
root@test:/usr/local/etc/openldap #
 
I used this command
/usr/local/libexec/slapd -d -1 -F /usr/local/etc/openldap/slapd.d/

but it was not written to the log file...
Any other command? Thanks
 
It's probably
/usr/local/libexec/slapd -d 256 -F /usr/local/etc/openldap/slapd.d/

Also, make sure you don't already have a slapd process running (it's not clear in #12)
 

root@test:~ # service slapd stop
Stopping slapd.
root@test:~ # service slapd status
slapd is not running.
root@test:~ # /usr/local/libexec/slapd -d 256 -F /usr/local/etc/openldap/slapd.d/
5f382317 @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $
root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
5f382317 slapd starting


debug.log


Aug 15 14:01:46 test slapd[6870]: daemon: shutdown requested and initiated.
Aug 15 14:01:46 test slapd[6870]: slapd shutdown: waiting for 0 operations/tasks to finish
Aug 15 14:01:46 test slapd[6870]: slapd stopped.
Aug 15 14:01:59 test slapd[9015]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 14:01:59 test slapd[9015]: slapd starting


I appreciate your follow up, Thanks!
 

Aug 15 14:01:46 test slapd[6870]: daemon: shutdown requested and initiated.
Aug 15 14:01:46 test slapd[6870]: slapd shutdown: waiting for 0 operations/tasks to finish
Aug 15 14:01:46 test slapd[6870]: slapd stopped.
Aug 15 14:01:59 test slapd[9015]: @(#) $OpenLDAP: slapd 2.4.50 (Aug 7 2020 16:00:53) $ root@121amd64-quarterly-job-01:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.50/servers/slapd
Aug 15 14:01:59 test slapd[9015]: slapd starting
What's after this last line?
 
I haven't gone through this whole thread. But the handbook has gone downhill for 3rd party stuff, in my arrogant opinion, and this was one of things that made me think so.
But yeah, using that article, LDAP will not start. Perhaps it's dated, but as they don't put dates, one can't really tell.

In slapd.conf you'll see modulepath and moduleload. Uncomment the two moduleload lines, for back_mdb and back_ldap. (Maybe just uncomment one of them, honestly, I don't remember, but with that handbook article, that was the problem. If this is already in the thread, I apologize for the waste of time.)
 
Good day,
I did what you proposed, uncommenting one of the 2 modules or both of them, but I still have the same issue...

Thanks for the efforts... I will try a fresh install again and will inform you later today. Thx
 