
LDAP slapd server not starting -> Modify ldap when server is offline

Server Fault Asked by Jonas Hölscher on December 30, 2021

So I'm trying to get an LDAP server with an SSL certificate running. I need to change the config by modifying cn=config with ldapmodify and therefore cannot use a slapd.conf. It was quite hard finding proper guides on how to set it up this way… I'm relatively new to Linux…

Currently the slapd server is not starting, and neither systemctl status nor journalctl had any information.

I think the problem is that for the SSL certificate I generated a key, so 2 .pem files, one as the cert and one as the key, and then I ran

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap.ldif

to load the config.
Content of ldap.ldif:

dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldapcert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/keys/ldapkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:!NULL
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never

I had a typo in this file when I loaded it, and then the problem arose.
My question is: how can I load the new (without typo) ldap.ldif file into the slapd server when it's shut down? When trying to run ldapmodify it says that it cannot make a connection to the LDAP server, which makes sense when it's offline.

To get more information when I try to start the server I ran the following command

/usr/sbin/slapd -h "ldapi:/// ldap://:7389/ ldaps://:7636/" -d -1

and got some more information: (part of the output)

daemon: bind(8) failed errno=98 (Address already in use)
lap_open_listener: failed on ldapi:///
lapd stopped.
onnections_destroy: nothing to destroy.

But I don't know what to do with this information, and I didn't find similar problems on the internet.

I hope someone can help me!

Greetings, Jonas

One Answer

The last output is actually telling you something is using the port so the slapd service is probably in limbo.

Kill the slapd process manually; you can use the suggestions in this answer, or just plain pgrep slapd will give you the PID of the process which you're gonna kill.

The command lsof +L1 or lsof -c slapd may show you that slapd is touching some file (which means it's in limbo).

And I'm gonna pretend there isn't tlsv1 in your config ;)

Answered by Geeky Masters on December 30, 2021
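The following script is an added example and is not code from the question or the answer. It does two things a practitioner would want before retrying the ldapmodify from the question: a pre-flight check of a cn=config TLS LDIF (are the cert and key paths readable, is the private key world-readable, does the cipher string select TLS 1.0, which is the part of the config the answer winks at), and a helper for the "Address already in use" symptom in the slapd -d -1 output that shows which process holds the listener, as the answer suggests. The function names, the demo LDIF under a temp directory and the sample .pem contents are constructed here; the attribute names and the port numbers 7389/7636 are the ones from the post.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Pre-flight checks
# for a cn=config TLS LDIF shaped like the one in the question, plus a helper
# for the "Address already in use" symptom from the slapd -d -1 output.
# The attribute names come from the post; function names and the demo files
# are constructed here.

# First value of an attribute in an LDIF file (plain values only; base64
# "attr::" values are not handled).
ldif_value() {
    sed -n "s/^$2: *//p" "$1" | head -n 1
}

# Validate cert/key paths and the cipher string before ldapmodify touches
# cn=config. Prints one FINDING per problem; returns 0 only when clean.
check_tls_ldif() {
    ldif=$1
    rc=0
    cert=$(ldif_value "$ldif" olcTLSCertificateFile)
    key=$(ldif_value "$ldif" olcTLSCertificateKeyFile)
    ciphers=$(ldif_value "$ldif" olcTLSCipherSuite)

    for f in "$cert" "$key"; do
        if [ -z "$f" ]; then
            echo "FINDING: certificate or key path missing from LDIF"; rc=1
        elif [ ! -r "$f" ]; then
            echo "FINDING: $f does not exist or is not readable"; rc=1
        fi
    done
    # A world-readable private key is a finding whether or not slapd starts.
    if [ -n "$key" ] && [ -r "$key" ] && [ "$(ls -l "$key" | cut -c8)" = r ]; then
        echo "FINDING: $key is world-readable"; rc=1
    fi
    # "TLSv1" on its own selects TLS 1.0 ciphers; TLSv1.2 / TLSv1.3 are fine.
    if printf '%s\n' "$ciphers" | grep -Eq 'TLSv1([^.]|$)'; then
        echo "FINDING: cipher suite '$ciphers' enables TLS 1.0"; rc=1
    fi
    return $rc
}

# What holds a TCP listener slapd could not bind, e.g. port_holder 7389
# (root is needed to see the owning PID). For the ldapi:/// socket the
# answer's "pgrep -a slapd" shows a leftover slapd just as well.
port_holder() {
    ss -ltnp "( sport = :$1 )" 2>/dev/null || lsof -nP -iTCP:"$1" -sTCP:LISTEN
}

# Demo on a constructed copy of the question's LDIF under a temp directory.
demo() {
    d=$(mktemp -d)
    printf 'cert\n' > "$d/ldapcert.pem"   # placeholder contents, not a real cert
    printf 'key\n' > "$d/ldapkey.pem"     # placeholder contents, not a real key
    chmod 600 "$d/ldapkey.pem"
    cat > "$d/ldap.ldif" <<EOF
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: $d/ldapcert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $d/ldapkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:!NULL
EOF
    check_tls_ldif "$d/ldap.ldif" || echo "fix the findings before running ldapmodify"
    rm -rf "$d"
}
demo
```

Run the script as-is to see the demo report the TLS 1.0 finding on the question's cipher string; point check_tls_ldif at your own LDIF before applying it, and run port_holder with one of the ports from your slapd -h line when bind() reports errno 98.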
