LinuxQuestions.org


jjge 01-09-2004 09:55 AM

LDAP: slapd is not listening!
 
I am running openLDAP on Slackware 9.1. The daemon slapd starts up without parameters and is visible in "ps ax", but somehow it is not listening on default port 389, nor on any other port (I tried fuser -n tcp 389 and netstat -l -p).

I do not see anything remarkable in /var/log/messages or debug, nor does strace give me a clue-- but I do not know exactly what to look for...

Can anyone help me? advthanksance joopg

david_ross 01-09-2004 03:03 PM

Can you post the output of:
netstat -nlp

Also the contents of your slapd.conf file.

jjge 01-10-2004 07:19 AM

OK, here it is:
****************** slapd.conf ***********************************************
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/mull.schema
#
#include /usr/share/openldap/schema/corba.schema
#include /usr/share/openldap/schema/java.schema
#include /usr/share/openldap/schema/krb5-kdc.schema
#include /usr/share/openldap/schema/kerberosobject.schema
#include /usr/share/openldap/schema/misc.schema
#include /usr/share/openldap/schema/nis.schema
#include /usr/share/openldap/schema/openldap.schema
#include /usr/share/openldap/schema/autofs.schema
#include /usr/share/openldap/schema/samba.schema
#include /etc/openldap/schema/local.schema
#include /etc/openldap/slapd.access.conf
#

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/openldap-2.1.2/var/slapd.pid
argsfile /usr/local/openldap-2.1.2/var/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/openldap-2.1.2/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database bdb
suffix "dc=jjge,dc=de"
rootdn "cn=Manager,dc=jjge,dc=de"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw ****
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap-2.1.2/var/openldap-data
# Indices to maintain
index objectClass eq
index cn,sn,uid pres,eq,sub
lastmod on
# Access Rights
access to attr=userpassword
    by self write
    by anonymous auth
    by dn="cn=Manager,dc=jjge,dc=de" write
    by * none
access to attr=mail
    by self write
    by dn=".*,dc=jjge,dc=de" read
    by * search
access to attr=entry
    by * read
access to dn=".*,ou=Roaming,dc=jjge,dc=de/"
    by dnattr=owner write
access to *
    by self write
    by dn=".*,dc=jjge,dc=de" read
    by anonymous auth
    by * none
# LDAP object size restriction
sockbuf_max_incoming 1000000

*** output from netstat -nlp ***************************************************
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1225/smbd
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1216/sendmail: acce
tcp 0 0 0.0.0.0:11 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 127.0.0.1:7501 0.0.0.0:* LISTEN 1260/ncpd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:79 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1096/rpc.portmap
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1200/sshd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 1242/cupsd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1216/sendmail: acce
udp 0 0 0.0.0.0:512 0.0.0.0:* 1197/inetd
udp 0 0 0.0.0.0:32769 0.0.0.0:* -
udp 0 0 0.0.0.0:518 0.0.0.0:* 1197/inetd
udp 0 0 192.168.87.5:137 0.0.0.0:* 1227/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1227/nmbd
udp 0 0 192.168.87.5:138 0.0.0.0:* 1227/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1227/nmbd
udp 0 0 0.0.0.0:800 0.0.0.0:* -
udp 0 0 0.0.0.0:37 0.0.0.0:* 1197/inetd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1096/rpc.portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 1242/cupsd
udp 0 0 127.0.0.1:1023 0.0.0.0:* 1267/plpnfsd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 1539 1345/gdm-binary /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 39359 8956/kdeinit: ksmse /tmp/.ICE-unix/8956
unix 2 [ ACC ] STREAM LISTENING 39322 8951/artsd /tmp/mcop-jjge/Penti_jjge-22f7-3fffc568
unix 2 [ ACC ] STREAM LISTENING 37344 7315/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 1562 1358/postmaster /tmp/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 39209 8927/kdeinit: dcops /tmp/.ICE-unix/dcop8927-1073726822
unix 2 [ ACC ] STREAM LISTENING 39230 8930/kdeinit: klaun /tmp/ksocket-jjge/klaunchersbUtea.slave-socket
unix 2 [ ACC ] STREAM LISTENING 1365 1230/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 39205 8924/kdeinit: Runni /tmp/ksocket-jjge/kdeinit-:0
Active IPX sockets
Proto Recv-Q Send-Q Local Address Foreign Address State

david_ross 01-10-2004 07:35 AM

Try setting:
loglevel 8

In slapd.conf then stop slapd:
killall slapd

Then manually start slapd and look for errors in the output:
/path/to/slapd

jjge 01-10-2004 08:03 AM

I found the following in /var/log/debug:

Jan 10 14:56:34 Penti slapd[10965]: daemon: socket() failed errno=97 (Address family not supported by protocol)
Jan 10 14:56:34 Penti slapd[10965]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
Jan 10 14:56:35 Penti slapd[10965]: /usr/local/etc/openldap/schema/mull.schema: line 45: unknown directive ")" outside backend info and database definitions (ignored)
Jan 10 14:56:35 Penti slapd[10965]: bdb_db_init: Initializing BDB database

The first line looks relevant, but it is not exactly clear to me what it should mean... which address family?

david_ross 01-10-2004 08:11 AM

Was that with the debug increased? Try:
/path/to/slapd -d8

A bit of googling shows that people have had similar messages from SSL cert file permissions not being readable by the ldap user.

jjge 01-10-2004 10:02 AM

Yes, I did set loglevel 8 before restarting.

Anyway, slapd -d8 gives similar messages, in particular the "address family not supported" message.
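
Added example, not part of any post in this thread: errno 97 in the log line quoted above is EAFNOSUPPORT on Linux, and the C probe below answers "which address family?" for the local kernel by calling socket() once per family and reporting the errno. The families probed (AF_INET and AF_INET6) are an assumption; the thread does not say which family slapd requested.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try to create a TCP socket in one address family.
 * Returns 0 on success, otherwise the errno value that socket() set. */
int probe_family(int family)
{
    int fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* 1 if err is the error from the slapd log line
 * ("Address family not supported by protocol"), else 0. */
int is_unsupported(int err)
{
    return err == EAFNOSUPPORT;
}

int main(void)
{
    /* Assumed candidates: the two families a TCP listener can bind in. */
    struct { const char *name; int family; } fams[] = {
        { "AF_INET  (IPv4)", AF_INET },
        { "AF_INET6 (IPv6)", AF_INET6 },
    };
    int unsupported = 0;

    for (size_t i = 0; i < sizeof fams / sizeof fams[0]; i++) {
        int err = probe_family(fams[i].family);
        if (err == 0)
            printf("%s: socket() ok\n", fams[i].name);
        else
            printf("%s: socket() failed errno=%d (%s)\n",
                   fams[i].name, err, strerror(err));
        unsupported += is_unsupported(err);
    }
    /* Exit status 1 means at least one family is missing from this kernel. */
    return unsupported ? 1 : 0;
}
```

A family reported as failing with errno=97 here is one the running kernel has no protocol support for, whether built in or as a loaded module.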


All times are GMT -5.