# Problems starting and stopping OpenLDAP

## Lynggaard

I'm having problems starting and stopping OpenLDAP.

I have just emerged OpenLDAP 2.0.27-r2.

Running /etc/init.d/slapd start gives me

```
 * Starting ldap-server...
/etc/openldap/slapd.conf: Permission denied
touch: creating `/var/state/openldap/slapd.pid': No such file or directory
chown: failed to get attributes of `/var/state/openldap/slapd.pid': No such file or directory                                                             [ !! ]
```

Then I did the following:

* created the folder /var/state/openldap
* chgrp ldap /var/state/openldap
* chgrp -R ldap /etc/openldap

Now it starts, but it won't stop; instead it gives

```
 * Stopping ldap-server...                                                [ !! ]
```

and trying a /etc/init.d/slapd gives me a server already started.

What have I done wrong?

----------

## rojaro

hi lynggaard,

you didn't do anything wrong - i just tumbled over the same problem, but found the reason and a solution. it seems whoever made the ebuild messed up with the default config file and the init script. 

if you have slapd running - shut it down by running "killall -INT slapd".

create a directory /var/run/openldap as root

edit the /etc/openldap/slapd.conf file and search for these two lines:

```
pidfile         /var/lib/slapd.pid
argsfile        /var/lib/slapd.args
```

and change them into the following

```
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
```

now open the slapd initscript (/etc/init.d/slapd) and change the pidfile parameter into "/var/run/openldap/slapd.pid" in the start and the stop functions.

now delete the /var/lib/slapd.pid and /var/lib/slapd.args files and also those directories you've made. then run /etc/init.d/slapd zap to notify the rc script that openldap isn't running anymore.

now you should be able to start and stop slapd as usual.

----------
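The mismatch that rojaro's fix addresses, as an added example that is not part of any post in this thread: slapd writes its PID where slapd.conf says, while start-stop-daemon looks where the init script's `--pidfile` says, so a difference makes "stop" fail. The sample files are constructed from paths quoted in the thread, and the stop line is an assumed form of the init script.

```shell
#!/bin/sh
# Added example (not from the thread): detect a pidfile path mismatch between
# slapd.conf and the init script that starts and stops slapd.

# Print the pidfile path configured in a slapd.conf-style file.
conf_pidfile() {
    awk '$1 == "pidfile" { print $2; exit }' "$1"
}

# Print every distinct --pidfile argument found in an init script.
init_pidfiles() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--pidfile") print $(i + 1) }' "$1" | sort -u
}

# Return 0 only when the init script uses exactly the pidfile slapd.conf names.
pidfile_consistent() {
    want=$(conf_pidfile "$1")
    have=$(init_pidfiles "$2")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed samples: the config from rojaro's post, an init script using
# the path from the first post's error output (stop line is assumed).
demo() {
    d=$(mktemp -d)
    printf 'pidfile\t/var/lib/slapd.pid\nargsfile\t/var/lib/slapd.args\n' > "$d/slapd.conf"
    cat > "$d/slapd.init" <<'EOF'
start() {
    eval start-stop-daemon --start --quiet --pidfile /var/state/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
}
stop() {
    start-stop-daemon --stop --quiet --pidfile /var/state/openldap/slapd.pid
}
EOF
    if pidfile_consistent "$d/slapd.conf" "$d/slapd.init"; then
        echo "pidfile paths agree"
    else
        echo "MISMATCH: slapd.conf=$(conf_pidfile "$d/slapd.conf") init=$(init_pidfiles "$d/slapd.init" | tr '\n' ' ')"
    fi
    rm -rf "$d"
}

demo
```

On a real system, pass /etc/openldap/slapd.conf and /etc/init.d/slapd to `pidfile_consistent` instead of the sample files.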

## flowctrl

*rojaro wrote:*

> hi lynggaard,
> 
> you didn't do anything wrong - i just tumbled over the same problem, but found the reason and a solution. it seems whoever made the ebuild messed up with the default config file and the init script. 
> 
> if you have slapd running - shut it down by running "killall -INT slapd".
> ...

 

Thanks, rojaro. Note that you may also have to:

```
rm /var/lib/init.d/started/slapd
```

--

http://oss.netmojo.ca

----------

## denic

Hi,

I get the same error.

But your instruction to remove the error did not work for me.

----------

## Rhysem

I had the same problem -- slapd is running as user/group ldap which doesn't have permission to write to the (now created by the ebuild) /var/run/openldap directory. That's cause /var/run/openldap is owned by root. Chown it to ldap.ldap and it then will start. (for me at least)

----------

## drzero

I have a similar problem, with openldap 2.0.27-r4 I can only get it to start if I make it run as root by changing:

```
eval start-stop-daemon --start --quiet --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
```

into:

```
eval start-stop-daemon --start --quiet --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- "${OPTS}"
```

I have tried lots of stuff, I even tried stracing it and it seems that it isn't allowed to listen to the ldap port because it is below 1024 and I can't remember how I can give the ldap user permission to use a port below 1024. Can anybody enlighten me?

----------

## drzero

I have it working now, it turns out /var/lib/openldap-ldbm/* was owned by root. A quick chown ldap.ldap fixed it so that slapd can start as user ldap now!

----------

## pyro-x

Same problem here with openldap version 2.0.27-r4

But I fixed it doing a:

```
chown ldap: /etc/openldap/slapd.conf
```

I don't know if it was broken before, or if I broke it when I created that file, but it seems /etc/init.d/slapd couldn't read it because it starts as user ldap. Well, it seems this fixed it.

Cheers,

Pyro-X

----------

## tecknojunky

Similar problem here, /etc/init.d/slapd start gives [!!].

Everything mentioned in this thread seems to be already configured properly on my system. The only thing that could be problematic is that not all files in /etc/openldap are owned by group ldap, but I'm afraid to mess with this and get an unsecure system.

```
openldap # ls -l
total 82
-rw-r--r--    1 root     root          397 Sep 25 15:34 ldap.conf
-rw-r--r--    1 root     root          337 Aug  9 01:48 ldap.conf.default
-rw-r--r--    1 root     root         3122 Aug  9 01:48 ldapfilter.conf
-rw-r--r--    1 root     root         3122 Aug  9 01:48 ldapfilter.conf.default
-rw-r--r--    1 root     root         5043 Aug  9 01:48 ldapsearchprefs.conf
-rw-r--r--    1 root     root         5043 Aug  9 01:48 ldapsearchprefs.conf.default
-rw-r--r--    1 root     root        16452 Aug  9 01:48 ldaptemplates.conf
-rw-r--r--    1 root     root        16452 Aug  9 01:48 ldaptemplates.conf.default
drwxr-xr-x    2 root     root          712 Aug  9 01:48 schema
-rw-r-----    1 root     ldap         2227 Sep 25 15:37 slapd.conf
-rw-r-----    1 root     ldap         1790 Aug  9 01:48 slapd.conf.default
drwxr-xr-x    2 root     root          104 Aug  9 01:48 ssl
```

It would help if the init scripts would print the error messages instead of just !!.

----------
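The ownership questions raised across the thread (slapd.conf unreadable, directories owned by root, worry about loosening /etc/openldap) can be answered from an `ls -l` listing; the following is an added example, not code from any post, that reports what a daemon running as user and group ldap can do with each entry and whether other local users can read it. It assumes plain mode bits only (no supplementary groups or ACLs), and the `slapd.conf.broken` row is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate ls -l rows for the access
# that applies to user ldap / group ldap, and for exposure to other users.

# access_for LINE USER GROUP -> print the rwx triplet that applies.
# Owner class wins over group class, which wins over "other".
access_for() {
    printf '%s\n' "$1" | awk -v u="$2" -v g="$3" '{
        if ($3 == u)      print substr($1, 2, 3)
        else if ($4 == g) print substr($1, 5, 3)
        else              print substr($1, 8, 3)
    }'
}

# world_readable LINE -> exit 0 if the "other" class has read permission.
world_readable() {
    case $(printf '%s\n' "$1" | awk '{ print substr($1, 8, 1) }') in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# audit: read ls -l rows on stdin, print "name ldap=<bits> <exposure>".
audit() {
    while IFS= read -r line; do
        case $line in total*|"") continue ;; esac
        name=$(printf '%s\n' "$line" | awk '{ print $NF }')
        acc=$(access_for "$line" ldap ldap)
        if world_readable "$line"; then w=world-readable; else w=restricted; fi
        echo "$name ldap=$acc $w"
    done
}

# Constructed sample: two rows copied from the listing in the thread plus
# one hypothetical root-only file that slapd could not read.
SAMPLE='-rw-r--r--    1 root     root          397 Sep 25 15:34 ldap.conf
-rw-r-----    1 root     ldap         2227 Sep 25 15:37 slapd.conf
-rw-------    1 root     root         2227 Sep 25 15:37 slapd.conf.broken'

printf '%s\n' "$SAMPLE" | audit
```

For the listing in the thread, slapd.conf (root:ldap, mode 640) comes out readable by ldap and closed to other users, which is the combination to keep because the file can hold the rootpw credential.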

