LinuxQuestions.org
Old 01-19-2012, 10:46 PM   #1
chenbo
CentOS 6.2 service slapd start does not work


Hi,

In my new CentOS 6.2 setup and configuration, the pre-installed openldap does not start when I enter

Code:
service slapd start
in the command line. The following is the original script in /etc/init.d/slapd

Code:
#!/bin/bash
#
# slapd   This shell script takes care of starting and stopping
#         ldap servers (slapd).
#
# chkconfig: - 27 73
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

### BEGIN INIT INFO
# Provides: slapd
# Required-Start: $network $local_fs
# Required-Stop: $network $local_fs 
# Should-Start: 
# Should-Stop: 
# Default-Start: 
# Default-Stop: 
# Short-Description: starts and stops OpenLDAP server daemon
# Description: LDAP stands for Lightweight Directory Access Protocol, used
#              for implementing the industry standard directory services.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Define default values of options allowed in /etc/sysconfig/ldap
SLAPD_LDAP="yes"
SLAPD_LDAPI="no"
SLAPD_LDAPS="no"
SLAPD_URLS=""
SLAPD_SHUTDOWN_TIMEOUT=3
# OPTIONS, SLAPD_OPTIONS and KRB5_KTNAME are not defined

# Source an auxiliary options file if we have one
if [ -r /etc/sysconfig/ldap ] ; then
	. /etc/sysconfig/ldap
fi

slapd=/usr/sbin/slapd
slaptest=/usr/sbin/slaptest
lockfile=/var/lock/subsys/slapd
configdir=/etc/openldap/slapd.d/
configfile=/etc/openldap/slapd.conf
pidfile=/var/run/slapd.pid
slapd_pidfile=/var/run/openldap/slapd.pid

RETVAL=0

#
# Pass commands given in $2 and later to "test" run as user given in $1.
#
function testasuser() {
	local user= cmd=
	user="$1"
	shift
	cmd="$@"
	if test x"$user" != x ; then
		if test x"$cmd" != x ; then
			/sbin/runuser -f -m -s /bin/sh -c "test $cmd" -- "$user"
		else
			false
		fi
	else
		false
	fi
}

#
# Check for read-access errors for the user given in $1 for a service named $2.
# If $3 is specified, the command is run if "klist" can't be found.
#
function checkkeytab() {
	local user= service= klist= default=
	user="$1"
	service="$2"
	default="${3:-false}"
	if test -x /usr/kerberos/bin/klist ; then
		klist=/usr/kerberos/bin/klist
	elif test -x /usr/bin/klist ; then
		klist=/usr/bin/klist
	fi
	KRB5_KTNAME="${KRB5_KTNAME:-/etc/krb5.keytab}"
	export KRB5_KTNAME
	if test -s "$KRB5_KTNAME" ; then
		if test x"$klist" != x ; then
			if LANG=C $klist -k "$KRB5_KTNAME" | tail -n 4 | awk '{print $2}' | grep -q ^"$service"/ ; then
				if ! testasuser "$user" -r ${KRB5_KTNAME:-/etc/krb5.keytab} ; then
					true
				else
					false
				fi
			else
				false
			fi
		else
			$default
		fi
	else
		false
	fi
}

function configtest() {
	local user= ldapuid= dbdir= file=
	# Check for simple-but-common errors.
	user=ldap
	prog=`basename ${slapd}`
	ldapuid=`id -u $user`
	# Unaccessible database files.
	dbdirs=""
	if [ -d $configdir ]; then
		for configfile in `ls -1 $configdir/cn\=config/olcDatabase*.ldif`; do
			dbdirs=$dbdirs"
			"`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
		done
	elif [ -f $configfile ]; then
			dbdirs=`LANG=C egrep '^directory[[:space:]]+' $configfile | sed 's,^directory[[:space:]]*,,'`
	else
		exit 6
	fi
	for dbdir in $dbdirs; do
		if [ ! -d $dbdir ]; then
			exit 6
		fi
		for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
			echo -n $"$file is not owned by \"$user\"" ; warning ; echo
		done
		if test -f "${dbdir}/DB_CONFIG"; then
			if ! testasuser $user -r "${dbdir}/DB_CONFIG"; then
				file=DB_CONFIG
				echo -n $"$file is not readable by \"$user\"" ; warning ; echo
			fi
		fi
	done
	# Unaccessible keytab with an "ldap" key.
	if checkkeytab $user ldap ; then
		file=${KRB5_KTNAME:-/etc/krb5.keytab}
		echo -n $"$file is not readable by \"$user\"" ; warning ; echo
	fi
	# Unaccessible TLS configuration files.
	if [ -d $configdir ]; then
		tlsconfigs=$(LANG=C sed \
			-e '/^olcTLS\(CertificateFile\|CertificateKeyFile\|CACertificateFile\)/!d' \
			-e ':a;N;s/\n //;ta;P;D' "${configdir}/cn=config.ldif" | \
			awk '{print $2}' | sort -u
		)
	elif [ -f $configfile ]; then
		tlsconfigs=$(LANG=C egrep \
			'^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | \
			awk '{print $2}' | sort -u
		)
	fi
	for file in $tlsconfigs ; do
		if ! testasuser $user -r $file ; then
			echo -n $"$file is not readable by \"$user\"" ; warning ; echo
		fi
	done
	# Check the configuration file.
	slaptestout=`/sbin/runuser -m -s "$slaptest" -- "$user" "-u" 2>&1`
	slaptestexit=$?
#	slaptestout=`echo $slaptestout 2>/dev/null | grep -v "config file testing succeeded"`
	# print warning if slaptest passed but reports some problems
	if test $slaptestexit == 0 ; then
		if echo "$slaptestout" | grep -v "config file testing succeeded" >/dev/null ; then
			echo -n $"Checking configuration files for $prog: " ; warning ; echo
			echo "$slaptestout"
		fi
	fi
	# report error if configuration file is wrong
	if test $slaptestexit != 0 ; then
		echo -n $"Checking configuration files for $prog: " ; failure ; echo
		echo "$slaptestout"
		if /sbin/runuser -m -s "$slaptest" -- "$user" "-u" > /dev/null 2> /dev/null ; then
			#dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' $configfile | awk '{print $2}'`
			for directory in $dbdirs ; do
				if test -r $directory/__db.001 ; then
					echo -n $"stale lock files may be present in $directory" ; warning ; echo
				fi
			done
		fi
		exit 6
	fi
}

function start() {
	[ -x $slapd ] || exit 5
	[ `id -u` -eq 0 ] || exit 4
	configtest
	# Define a couple of local variables which we'll need. Maybe.
	user=ldap
	prog=`basename ${slapd}`
	harg="$SLAPD_URLS"
	if test x$SLAPD_LDAP = xyes ; then
		harg="$harg ldap:///"
	fi
	if test x$SLAPD_LDAPS = xyes ; then
		harg="$harg ldaps:///"
	fi
	if test x$SLAPD_LDAPI = xyes ; then
		harg="$harg ldapi:///"
	fi
	# System resources limit.
	if [ -n "$SLAPD_ULIMIT_SETTINGS" ]; then
		ulimit="ulimit $SLAPD_ULIMIT_SETTINGS &>/dev/null;"
	else
		ulimit=""
	fi
	# Start daemons.
	echo -n $"Starting $prog: "
	daemon --pidfile=$pidfile --check=$prog $ulimit ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS 
	RETVAL=$?
	if [ $RETVAL -eq 0 ]; then
		touch $lockfile
		ln $slapd_pidfile $pidfile
	fi
	echo
	return $RETVAL
}

function stop() {
	# Stop daemons.
	prog=`basename ${slapd}`
	[ `id -u` -eq 0 ] || exit 4
	echo -n $"Stopping $prog: "

	# This will remove pid and args files from /var/run/openldap
	killproc -p $slapd_pidfile -d $SLAPD_SHUTDOWN_TIMEOUT ${slapd}
	RETVAL=$?

	# Now we want to remove lock file and hardlink of pid file
	[ $RETVAL -eq 0 ] && rm -f $pidfile $lockfile
	echo
	return $RETVAL
}

# See how we were called.
case "$1" in
	configtest)
		configtest
		;;
	start)
		start
		RETVAL=$?
		;;
	stop)
		stop
		RETVAL=$?
		;;
	status)
		status -p $pidfile ${slapd}
		RETVAL=$?
		;;
	restart|force-reload)
		stop
		start
		RETVAL=$?
		;;
	condrestart|try-restart)
		status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
		stop
		start
		;;
	usage)
		echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|configtest|usage}"
		RETVAL=0
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|configtest|usage}"
		RETVAL=2
esac

exit $RETVAL
However, if I change

Code:
daemon --pidfile=$pidfile --check=$prog $ulimit ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS
in function start() to

Code:
daemon --pidfile=$pidfile --check=$prog $ulimit ${slapd} -h ldap://192.168.0.10 -u ${user} $OPTIONS $SLAPD_OPTIONS
where 192.168.0.10 is the IP address of the host.

then

Code:
service slapd start
works.

For more information, if I echo

Code:
$prog $ulimit ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS
in function start(), I get

Code:
slapd /usr/sbin/slapd -h "ldap:/// ldapi:///" -u ldap
When I run this in the command line, the slapd service also starts successfully.

So, it looks like

Code:
$prog $ulimit ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS
does not work only in /etc/init.d/slapd.

Does anyone know the reason for this, and can anyone help me solve the problem without changing the original /etc/init.d/slapd file?

Thanks and regards,
Chen Bo
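
The listener list that start() hands to slapd, worked through as an added example that is not part of the original post or of the CentOS package: it repeats the SLAPD_* tests from the script and shows what each `-h` URL binds, comparing the stock list with the poster's `ldap://192.168.0.10`. The function names, the `SLAPD_LDAPI=yes` sysconfig line and the statement that `daemon` re-parses its arguments through `bash -c` are assumptions, since neither /etc/sysconfig/ldap nor /etc/init.d/functions appears in the thread.

```sh
#!/bin/sh
# Added example; the sysconfig text passed to build_harg is constructed.

# build_harg: same defaults and yes/no tests as start() in the script above.
# $1 stands in for /etc/sysconfig/ldap, which the init script sources as root.
build_harg() {
    (
        SLAPD_LDAP="yes"; SLAPD_LDAPI="no"; SLAPD_LDAPS="no"; SLAPD_URLS=""
        eval "$1"
        harg="$SLAPD_URLS"
        [ "x$SLAPD_LDAP" = xyes ] && harg="$harg ldap:///"
        [ "x$SLAPD_LDAPS" = xyes ] && harg="$harg ldaps:///"
        [ "x$SLAPD_LDAPI" = xyes ] && harg="$harg ldapi:///"
        printf '%s' "$harg"   # keeps the leading space start() produces
    )
}

# classify_listeners: one line per URL in a -h list, naming what slapd binds.
# An empty host in ldap:// or ldaps:// means every interface; ldapi:// is a Unix socket.
classify_listeners() {
    for url in $1; do
        scheme=${url%%://*}
        host=${url#*://}; host=${host%%/*}
        case "$scheme" in
            ldapi) echo "$url unix-socket" ;;
            ldap|ldaps)
                if [ -z "$host" ]; then echo "$url tcp-all-interfaces"
                else echo "$url tcp-host:$host"; fi ;;
            *) echo "$url unrecognised" ;;
        esac
    done
}

# words_after_h: number of arguments following -h once a second shell re-parses
# the joined command line. Assumption: daemon in /etc/init.d/functions runs its
# arguments via bash -c "$*", which is why start() passes "\"$harg\"".
words_after_h() {
    set -- -h "\"$1\""
    sh -c "set -- $*; shift; echo \$#"
}

stock=$(build_harg 'SLAPD_LDAPI=yes')   # constructed setting matching the echoed list
echo "stock script:";  classify_listeners "$stock"
echo "poster's edit:"; classify_listeners "ldap://192.168.0.10"
echo "arguments after -h when re-parsed: $(words_after_h "$stock")"
```

The stock list opens a TCP listener on every interface plus a Unix socket, while the edited line opens a single TCP listener on one address and no socket, so the two start commands are not equivalent from a bind or an exposure point of view.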
 
Old 01-20-2012, 10:51 PM   #2
eeekster
Does it give an error when it "doesn't work"? Did you check what's in /etc/openldap/slapd.conf?
 
  

