01-09-2004, 09:55 AM
|
#1
|
|
Member
Registered: Jun 2003
Location: Kalkar, Germany
Distribution: Slackware
Posts: 74
Rep:
|
LDAP: slapd is not listening!
I am running openLDAP on Slackware 9.1. The daemon slapd starts up without parameters and is visible in "ps ax", but somehow it is not listening on default port 389, nor on any other port (I tried fuser -n tcp 389 and netstat -l -p).
I do not see anything remarkable in /var/log/messages or debug, nor does strace give me a clue -- but I do not know exactly what to look for...
Can anyone help me? advthanksance joopg
|
|
|
|
01-09-2004, 03:03 PM
|
#2
|
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Can you post the output of:
netstat -nlp
Also the contents of your slapd.conf file.
|
|
|
|
01-10-2004, 07:19 AM
|
#3
|
|
Member
Registered: Jun 2003
Location: Kalkar, Germany
Distribution: Slackware
Posts: 74
Original Poster
Rep:
|
OK, here it is:
****************** slapd.conf ***********************************************
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/mull.schema
#
#include_/usr/share/openldap/schema/corba.schema
#include_/usr/share/openldap/schema/java.schema
#include_/usr/share/openldap/schema/krb5-kdc.schema
#include /usr/share/openldap/schema/kerberosobject.schema
#include_/usr/share/openldap/schema/misc.schema
#include_/usr/share/openldap/schema/nis.schema
#include_/usr/share/openldap/schema/openldap.schema
#include /usr/share/openldap/schema/autofs.schema
#include /usr/share/openldap/schema/samba.schema
#include_/etc/openldap/schema/local.schema
#include ________/etc/openldap/slapd.access.conf
#
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/openldap-2.1.2/var/slapd.pid
argsfile /usr/local/openldap-2.1.2/var/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/openldap-2.1.2/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=jjge,dc=de"
rootdn "cn=Manager,dc=jjge,dc=de"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw ****
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap-2.1.2/var/openldap-data
# Indices to maintain
index objectClass eq
index cn,sn,uid pres,eq,sub
lastmod on
# Access Rights
access to attr=userpassword
by self write
by anonymous auth
by dn="cn=Manager,dc=jjge,dc=de" write
by * none
access to attr=mail
by self write
by dn=".*,dc=jjge,dc=de" read
by * search
access to attr=entry
by * read
access to dn=".*,ou=Roaming,dc=jjge,dc=de/"
by dnattr=owner write
access to *
by self write
by dn=".*,dc=jjge,dc=de" read
by anonymous auth
by * none
# LDAP object size restriction
sockbuf_max_incoming 1000000
*** output from netstat -nlp ***************************************************
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1225/smbd
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1216/sendmail: acce
tcp 0 0 0.0.0.0:11 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 127.0.0.1:7501 0.0.0.0:* LISTEN 1260/ncpd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:79 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1096/rpc.portmap
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1200/sshd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 1242/cupsd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1197/inetd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1216/sendmail: acce
udp 0 0 0.0.0.0:512 0.0.0.0:* 1197/inetd
udp 0 0 0.0.0.0:32769 0.0.0.0:* -
udp 0 0 0.0.0.0:518 0.0.0.0:* 1197/inetd
udp 0 0 192.168.87.5:137 0.0.0.0:* 1227/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1227/nmbd
udp 0 0 192.168.87.5:138 0.0.0.0:* 1227/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1227/nmbd
udp 0 0 0.0.0.0:800 0.0.0.0:* -
udp 0 0 0.0.0.0:37 0.0.0.0:* 1197/inetd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1096/rpc.portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 1242/cupsd
udp 0 0 127.0.0.1:1023 0.0.0.0:* 1267/plpnfsd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 1539 1345/gdm-binary /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 39359 8956/kdeinit: ksmse /tmp/.ICE-unix/8956
unix 2 [ ACC ] STREAM LISTENING 39322 8951/artsd /tmp/mcop-jjge/Penti_jjge-22f7-3fffc568
unix 2 [ ACC ] STREAM LISTENING 37344 7315/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 1562 1358/postmaster /tmp/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 39209 8927/kdeinit: dcops /tmp/.ICE-unix/dcop8927-1073726822
unix 2 [ ACC ] STREAM LISTENING 39230 8930/kdeinit: klaun /tmp/ksocket-jjge/klaunchersbUtea.slave-socket
unix 2 [ ACC ] STREAM LISTENING 1365 1230/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 39205 8924/kdeinit: Runni /tmp/ksocket-jjge/kdeinit-:0
Active IPX sockets
Proto Recv-Q Send-Q Local Address Foreign Address State
|
|
|
|
01-10-2004, 07:35 AM
|
#4
|
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Try setting:
loglevel 8
In slapd.conf then stop slapd:
killall slapd
Then manually start slapd and look for errors in the output:
/path/to/slapd
|
|
|
|
01-10-2004, 08:03 AM
|
#5
|
|
Member
Registered: Jun 2003
Location: Kalkar, Germany
Distribution: Slackware
Posts: 74
Original Poster
Rep:
|
I found the following in /var/log/debug:
Jan 10 14:56:34 Penti slapd[10965]: daemon: socket() failed errno=97 (Address family not supported by protocol)
Jan 10 14:56:34 Penti slapd[10965]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
Jan 10 14:56:35 Penti slapd[10965]: /usr/local/etc/openldap/schema/mull.schema: line 45: unknown directive ")" outside backend info and database definitions (ignored)
Jan 10 14:56:35 Penti slapd[10965]: bdb_db_init: Initializing BDB database
The first line looks relevant, but it is not exactly clear to me what it should mean... which address family?
|
|
|
|
01-10-2004, 08:11 AM
|
#6
|
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Was that with the debug increased? Try:
/path/to/slapd -d8
A bit of googling shows that people have had similar messages from SSL cert file permissions not being readable by the ldap user.
|
|
|
|
01-10-2004, 10:02 AM
|
#7
|
|
Member
Registered: Jun 2003
Location: Kalkar, Germany
Distribution: Slackware
Posts: 74
Original Poster
Rep:
|
Yes, I did set loglevel 8 before restarting.
Anyway, slapd -d8 gives similar messages, in particular the "address family not supported" message.
|
|
|
|
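Post #5 asks which address family the errno=97 line refers to, and the log line itself does not say. The following is an added example, not part of the thread: a small C probe that makes the same socket() call for IPv4 and IPv6 on the affected host and reports which family the kernel rejects with EAFNOSUPPORT (errno 97 on Linux). That slapd attempted exactly these two families is an assumption, and the names probe_family and verdict are illustrative.

```c
/* Added example: probe which socket address families this kernel accepts. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try to create a TCP socket in the given family, the same kind of call
 * that failed in the slapd log. Returns 0 on success, otherwise errno. */
int probe_family(int family)
{
    int fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Classify a probe result for the report. */
const char *verdict(int err)
{
    if (err == 0)
        return "supported";
    if (err == EAFNOSUPPORT)
        return "not supported by this kernel (the errno slapd logged)";
    return "failed for another reason";
}

int main(void)
{
    /* Assumption: these are the two families a TCP listener would use. */
    struct { const char *name; int family; } probes[] = {
        { "AF_INET  (IPv4)", AF_INET },
        { "AF_INET6 (IPv6)", AF_INET6 },
    };
    int missing = 0;

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int err = probe_family(probes[i].family);
        printf("%-16s errno=%d  %s\n", probes[i].name, err, verdict(err));
        if (err != 0)
            printf("    strerror: %s\n", strerror(err));
        missing += (err == EAFNOSUPPORT);
    }
    /* Non-zero exit status if any family is missing from the kernel. */
    return missing ? 1 : 0;
}
```

A family reported as not supported is one the running kernel has no protocol handler for, so a daemon cannot open a listener in it.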