# I cannot launch openldap [solved]

## bluephoenix

Dears,

I roughly follow https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP to install and try to enable openldap in my server. But I get the following error message:

```

SLYWE01COLORFUL openldap # service slapd start

Authenticating root.

Password: 

 * Starting ldap-server ...

 * start-stop-daemon: failed to start `/usr/lib64/openldap/slapd'         [ !! ]

 * ERROR: slapd failed to start

```

My log file has the similar output:

```
Aug 23 19:26:45 SLYWE01COLORFUL slapd[1241]: @(#) $OpenLDAP: slapd 2.4.38 (Jul 13 2015 02:49:33) $

        @SLYWE01COLORFUL:/var/tmp/portage/net-nds/openldap-2.4.38-r2/work/openldap-2.4.38-abi_x86_64.amd64/servers/slapd

Aug 23 19:26:45 SLYWE01COLORFUL slapd[1244]: DIGEST-MD5 common mech free

Aug 23 19:26:45 SLYWE01COLORFUL /etc/init.d/slapd[1240]: start-stop-daemon: failed to start `/usr/lib64/openldap/slapd'

Aug 23 19:26:45 SLYWE01COLORFUL /etc/init.d/slapd[1223]: ERROR: slapd failed to start

```

My slapd.conf is as follows:

```

include         /etc/openldap/schema/core.schema

include         /etc/openldap/schema/cosine.schema

include         /etc/openldap/schema/inetorgperson.schema

include         /etc/openldap/schema/nis.schema

include         /etc/openldap/schema/misc.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid

argsfile        /var/run/openldap/slapd.args

#loglevel       296

#replogfile     /var/log/ldap.log 

# Load dynamic backend modules:

# modulepath    /usr/lib64/openldap/openldap

# moduleload    back_sock.so

# moduleload    back_shell.so

# moduleload    back_relay.so

# moduleload    back_passwd.so

# moduleload    back_null.so

# moduleload    back_monitor.so

# moduleload    back_meta.so

# moduleload    back_ldap.so

# moduleload    back_dnssrv.so

# Sample security restrictions

#       Require integrity protection (prevent hijacking)

#       Require 112-bit (3DES or better) encryption for updates

#       Require 63-bit encryption for simple bind

# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:

#       Root DSE: allow anyone to read it

#       Subschema (sub)entry DSE: allow anyone to read it

#       Other DSEs:

#               Allow self write access

#               Allow authenticated users read access

#               Allow anonymous users to authenticate

#       Directives needed to implement policy:

access to dn.base="" by * read

access to dn.base="cn=Subschema" by * read

access to *

        by self write

        by users read

        by anonymous auth

#

# if no access controls are present, the default policy

# allows anyone and everyone to read anything but restricts

# updates to rootdn.  (e.g., "access to * by * read")

#

# rootdn can always read and write EVERYTHING!

#######################################################################

# BDB database definitions

#######################################################################

database        hdb

suffix          "dc=uyangwei,dc=cn"

#         <kbyte> <min>

checkpoint      32      30 

rootdn          "cn=Manager,dc=uyangwei,dc=cn"

# Cleartext passwords, especially for the rootdn, should

# be avoid.  See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged. 

rootpw          {SSHA}fUJUu9xJpIs3CQX2uF3ZgykBV+yZD0ZD

# The database directory MUST exist prior to running slapd AND 

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

directory       /var/lib/openldap-data

# Indices to maintain

index   objectClass     eq

```

I passed both the following verification:

```

slaptest -v -d 1 -f /etc/openldap/slapd.conf

slaptest -v -d 1 -F /etc/openldap/slapd.d

```

I am using SELinux arch but only let it works in alert mode, I don't think this impacts the issue.

So what's wrong with my configuration?Last edited by bluephoenix on Tue Sep 01, 2015 11:46 pm; edited 1 time in total

----------

## bluephoenix

I think I forget installing BerkelyDB. I don't understand why need I install it as the prerequisite of openldap. I put the USE key word "berkdb" in the make.conf. I think portage will install the database software automatically.

I checked the document of openldap project. I found openldap now propose to use LMDB instead of BerkelyDB. And LMDB is integrated in the openldap and I don't need to install anything else.

So at last I just modified "slapd.conf" database option to "mdb" and set a maxsize option and the service launched.

----------

