Solved Openldap fails to start on boot

von_Gaden

#1
Hi!

Recently I've upgraded a FreeBSD server from v. 9.3 to v. 11.0 (through 10.3 because it "cowardly" refused to continue).
The system was using the old pkg_ so I deinstalled all ports and after the final update I freshly installed all of them.
I am using OpenLDAP on this system - net/openldap24-server and the corresponding client. After the installation I found that the OpenLDAP server refuses to start on boot. When I try to start it via /usr/local/etc/rc.d/slapd start it starts and works. After better debugging I found the following messages generated during boot:
Code:
Nov  2 12:00:02 mail kernel: Starting slapd.
Nov  2 12:00:02 mail kernel: ldap_url_parse_ext(ldap://localhost/)
Nov  2 12:00:02 mail kernel: ldap_init: trying /usr/local/etc/openldap/ldap.conf
Nov  2 12:00:02 mail kernel: ldap_init: using /usr/local/etc/openldap/ldap.conf
Nov  2 12:00:02 mail kernel: ldap_init: HOME env is /
Nov  2 12:00:02 mail kernel: ldap_init: trying //ldaprc
Nov  2 12:00:02 mail kernel: ldap_init: trying //.ldaprc
Nov  2 12:00:02 mail kernel: ldap_init: trying ldaprc
Nov  2 12:00:02 mail kernel: ldap_init: LDAPCONF env is NULL
Nov  2 12:00:02 mail kernel: ldap_init: LDAPRC env is NULL
Nov  2 12:00:02 mail kernel: 5819d53e @(#) $OpenLDAP: slapd 2.4.44 (Nov  1 2016 22:26:21) $
Nov  2 12:00:02 mail kernel: ivo@mail.lovech.government.bg:/usr/ports/net/openldap24-server/work/openldap-2.4.44/servers/slapd
Nov  2 12:00:02 mail kernel: ldap_pvt_gethostbyname_a: host=, r=-1
Nov  2 12:00:02 mail kernel: 5819d53e daemon_init: ldap://0.0.0.0
Nov  2 12:00:02 mail kernel: 5819d53e daemon_init: listen on ldap://0.0.0.0
Nov  2 12:00:02 mail kernel: 5819d53e daemon_init: 1 listeners to open...
Nov  2 12:00:02 mail kernel: ldap_url_parse_ext(ldap://0.0.0.0)
Nov  2 12:00:02 mail kernel: 5819d53e daemon: bind(5) failed errno=49 (Can't assign requested address)
Nov  2 12:00:02 mail kernel: 5819d53e slap_open_listener: failed on ldap://0.0.0.0
Nov  2 12:00:02 mail kernel: 5819d53e slapd stopped.
Nov  2 12:00:02 mail kernel: 5819d53e connections_destroy: nothing to destroy.
Nov  2 12:00:02 mail kernel: /etc/rc: WARNING: failed to start slapd
Nov  2 12:00:02 mail kernel: Setting hostname: mail.example.com.
In fact I usually start slapd with the following in /etc/rc.conf:
Code:
slapd_enable="YES"
slapd_flags="-h ldap://127.0.0.1"
As you can probably see, neither the -4 option nor binding to any IP helped.

This is not the only system with FreeBSD 11 and net/openldap24-server I am running. All other systems run without problems even with the same port version.

Considering that some outdated files might remain after the update, I did a check with freebsd-update IDS. The only strange difference was /var/db/services.db. I regenerated it using services_mkdb and then it passed the IDS check.

Is the OpenLDAP server trying to start too early? And what could cause this?

Thanks in advance!
 

SirDice

#2
The thing to watch out for is slapd.conf vs. OLC (cn=config). By default OpenLDAP on FreeBSD uses slapd.conf; this might be a plain standard config that was installed with the package. If you're using OLC you'll need to add this to rc.conf:
Code:
slapd_cn_config="YES"
 
von_Gaden

#3
Thank you!
I've omitted to mention that I'm using slapd.conf.
slapd starts from the command line without any notices but fails to start during boot.
 

SirDice

#4
Are you perhaps running it in a jail? Your slapd_flags is set to bind to 127.0.0.1 but in the log output it tries to bind to 0.0.0.0. A jail doesn't have a lo0 interface and therefore no 127.0.0.1.
 
von_Gaden

#5
Sorry, I've pasted the wrong part of the log. Before posting this thread I've tested if the issue is related to a certain IP address/interface. It's not in a jail.
 

SirDice

#6
The default slapd_flags should be fine, no need to set them. It will run on a file socket in /var/run/openldap/ldapi and will try to bind to all IP addresses (0.0.0.0).

If you still get the feeling it's trying to start before the network is up you can try editing /usr/local/etc/rc.d/slapd. Find the line at the top:
Code:
# REQUIRE: FILESYSTEMS ldconfig
And change it to:
Code:
# REQUIRE: FILESYSTEMS ldconfig NETWORKING
That should tell the rcorder(8) system to start it after it has finished setting up the network.
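
An added example, not part of the thread or of the port: a sh check for the REQUIRE edit described in post #6, useful because /usr/local/etc/rc.d/slapd is replaced when the port is reinstalled or upgraded, which drops a hand edit. The sample headers are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): flag rc.d scripts whose REQUIRE
# line lacks NETWORKING, the dependency that fixed slapd's boot failure.

# Print every provider named on the script's "# REQUIRE:" lines, one per line.
# rcorder(8) reads these comment lines to decide the boot order.
rc_requires() {
    for word in $(sed -n 's/^#[[:space:]]*REQUIRE:[[:space:]]*//p' "$1"); do
        printf '%s\n' "$word"
    done
}

# Succeed if script $1 lists provider $2 in its REQUIRE lines (exact match).
rc_requires_provider() {
    rc_requires "$1" | grep -qxF -- "$2"
}

# Print the path of each given script that does not require NETWORKING.
audit_networking() {
    for script in "$@"; do
        rc_requires_provider "$script" NETWORKING || printf '%s\n' "$script"
    done
}

# Constructed sample headers: the REQUIRE line before and after the edit.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/slapd.before" <<'EOF'
#!/bin/sh
# PROVIDE: slapd
# REQUIRE: FILESYSTEMS ldconfig
# KEYWORD: shutdown
EOF
cat > "$SAMPLE_DIR/slapd.after" <<'EOF'
#!/bin/sh
# PROVIDE: slapd
# REQUIRE: FILESYSTEMS ldconfig NETWORKING
# KEYWORD: shutdown
EOF

# Lists only slapd.before; on a real host pass /usr/local/etc/rc.d/slapd.
audit_networking "$SAMPLE_DIR/slapd.before" "$SAMPLE_DIR/slapd.after"
```

Running the audit after each port upgrade shows whether the installed script has reverted to the ordering that let slapd start before the network was configured.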
 
von_Gaden

#7
Thank you very much!

Changing the # REQUIRE line solved the problem!

Before posting here I've tried all reasonable combinations for slapd_flags - no flags, the default shown in /usr/local/etc/rc.d/slapd and some others - with no luck.
I still wonder why some of my other servers with very similar configuration start slapd without issues like this.
Having the solution anyway I can happily continue my upgrades :)
 

Gregory N. Schmit

#8
This was crazy useful for me. I think it has to do with cloud-based virtual machines (or really any machine) that configure networking either via DHCP or via daemons that run on the OS. Networking is therefore configured at some later time and a lot of software doesn't check for this.
 

Mark Novem

#9
Thank you very much!

This also solved my problem. I'm just wondering and want to dig into more details about what could have happened. Before, it was working properly and ran smoothly after the system booted up, but then problems occurred after I decided to upgrade the server to a higher version.

Thanks again!
 