# OpenLDAP won't start [solved]

## Ejunkie

I am trying to set up an OpenLDAP server but it won't start. The error I get is:

```
daemon_init: ldaps:// ldap:// ldapi://
daemon_init: listen on ldaps://
daemon_init: listen on ldap://
daemon_init: listen on ldapi://
daemon_init: 3 listeners to open...
ldap_url_parse_ext(ldaps://)
daemon: listener initialized ldaps://
ldap_url_parse_ext(ldap://)
daemon: listener initialized ldap://
ldap_url_parse_ext(ldapi://)
daemon: listener initialized ldapi://
daemon_init: 5 listeners opened
ldap_create
ldap_url_parse_ext(ldap://127.0.0.1)
ldap_create
ldap_url_parse_ext(ldap://127.0.0.1)
ldap_create
ldap_url_parse_ext(ldap://127.0.0.1)
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 127.0.0.1:389
ldap_new_socket: 12
ldap_prepare_socket: 12
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 12 tm: 30 async: 0
ldap_ndelay_on: 12
ldap_is_sock_ready: 12
ldap_is_socket_ready: error on socket 12: errno: 111 (Connection refused)
ldap_close_socket: 12
ldap_err2string
ldap_unbind
```

Now this is when I start openldap with the user and group ldap. When I start ldap as root it just starts.

The funny thing I found out is that in /var/run/openldap the socket file slapd.sock is set to root.

When I try to set the user and group to ldap and try to start openldap, it changes the user and group to root again.

openldap version:

openldap-2.3.24-r1

@(#) $OpenLDAP: slapd 2.3.24 (Aug 21 2006 03:32:51) $

on an amd64

I hope someone could help me.

Last edited by Ejunkie on Thu Aug 24, 2006 10:14 am; edited 2 times in total

----------

## fxlamare

Hi!

Check owner and group of your /var/lib/openldap* directories.

You should have:

```
datacenter ~ # ls /var/lib/openldap-* -ld
drwx------  2 ldap ldap 632 Jun 22 14:27 /var/lib/openldap-data
drwx------  2 ldap ldap  72 Dec 15  2005 /var/lib/openldap-ldbm
drwx------  2 ldap ldap  72 Dec 15  2005 /var/lib/openldap-slurp
```

Also check the files inside /var/lib/openldap-data.

This often happens when I restore the backend DB as root ==> owner and group are always changed.

Regards from France...

----------

## Ejunkie

*fxlamare wrote:*

> Hi!
>
> Check owner and group of your /var/lib/openldap* directories.

Yes, they are all assigned to group and user ldap, inside and outside the dirs.

I tried a re-emerge of openldap; maybe that works. But it didn't.

----------

## perlpimp

Same here, I get this in /var/log/messages:

```
Aug 23 16:30:53 neo slapd[20727]: @(#) $OpenLDAP: slapd 2.3.24 (Aug 22 2006 23:02:30) $ root@neo:/mnt/2datacore/tmp/portage/openldap-2.3.24-r1/work/openldap-2.3.24/servers/slapd
Aug 23 16:30:53 neo slapd[20727]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Aug 23 16:30:53 neo slapd[20727]: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
Aug 23 16:30:53 neo slapd[20727]: slapd stopped.
Aug 23 16:30:53 neo slapd[20727]: connections_destroy: nothing to destroy.
```

----------

## Ejunkie

Post your config file.

----------

## Ejunkie

I think I have solved my problem.

nss_ldap was blocking openldap.

In /etc/ldap.conf I changed bind_policy from hard to soft.

----------

## fxlamare

Hmmm... didn't find that much information about the bind_policy parameter out there...

Maybe:

http://www.nabble.com/nss_ldap-1.244-timeout-t1046418.html

http://gentoo-wiki.com/HOWTO_LDAPv3

I guess that nss_ldap could cause a problem with slapd while resolving the user/group id 'ldap' during startup.

Because the server is not UP yet, the operation would fail.

If my guess is correct, I assume that in /etc/nsswitch.conf, for user/group entries, you have ldap placed first,

which I would change to:

```
passwd:  files ldap
group:   files ldap
```

Again, it's a guess... don't flame, I simply try to understand...

Best regards from France, where it's rainy... as usual over there!

----------

## Ejunkie

It wasn't just at server bootup; also when I was trying to restart ldap, it didn't want to start, until I set the bind_policy to soft.

It looks something like this:

```
# Bind/connect timelimit
#bind_timelimit 30

# Reconnect policy:
#  hard_open: reconnect to DSA with exponential backoff if
#             opening connection failed
#  hard_init: reconnect to DSA with exponential backoff if
#             initializing connection failed
#  hard:      alias for hard_open
#  soft:      return immediately on server failure
bind_policy soft

# Connection policy:
#  persist:   DSA connections are kept open (default)
#  oneshot:   DSA connections destroyed after request
#nss_connect_policy persist
```

My /etc/nsswitch.conf looks just something like that, first files then ldap.

*Quote:*

> best regards from france, where it's rainy... as usual over there !

Isn't that in Belgium? Ah well, it's also rainy here in the Netherlands.

Thanks for the help.

----------
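An added example, not part of any post above: a small Python check over the two files the thread discusses, reporting when `passwd`/`group` lookups can reach LDAP before `files` or with a `hard` bind policy. The function names, the sample file contents, and the assumption that an unset `bind_policy` behaves as `hard` are mine, not the posters'.

```python
import re

# Assumption: a missing bind_policy is treated as "hard" (alias for hard_open).
HARD_POLICIES = {"hard", "hard_open", "hard_init"}

def _lines(text):
    """Yield config lines with comments and blank lines removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def nss_sources(nsswitch_text, database):
    """Ordered sources for one nsswitch database, e.g. ['files', 'ldap']."""
    for line in _lines(nsswitch_text):
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Strip action items such as [NOTFOUND=return]
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def bind_policy(ldap_conf_text):
    """bind_policy from /etc/ldap.conf text; this sketch takes the last occurrence."""
    policy = "hard"
    for line in _lines(ldap_conf_text):
        parts = line.split(None, 1)
        if parts[0].lower() == "bind_policy" and len(parts) == 2:
            policy = parts[1].strip().lower()
    return policy

def audit(nsswitch_text, ldap_conf_text):
    """Return findings for settings that can stall lookups while slapd is down."""
    findings = []
    policy = bind_policy(ldap_conf_text)
    for db in ("passwd", "group"):
        sources = nss_sources(nsswitch_text, db)
        if "ldap" not in sources:
            continue
        if "files" not in sources or sources.index("ldap") < sources.index("files"):
            findings.append(f"{db}: ldap is consulted before files")
        if policy in HARD_POLICIES:
            findings.append(f"{db}: bind_policy {policy} retries with backoff on failure")
    return findings

# Constructed sample input modelled on the files quoted in the thread.
NSSWITCH = "passwd:  files ldap\ngroup:   files ldap\n"
LDAP_CONF_BEFORE = "#bind_timelimit 30\nbind_policy hard\n"
LDAP_CONF_AFTER = "#bind_timelimit 30\nbind_policy soft\n"

if __name__ == "__main__":
    for label, conf in (("before", LDAP_CONF_BEFORE), ("after", LDAP_CONF_AFTER)):
        print(label, audit(NSSWITCH, conf) or "no findings")
```

On a real host, pass the contents of `/etc/nsswitch.conf` and `/etc/ldap.conf` to `audit()` instead of the constructed strings.

----------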

## fxlamare

Well, as far as I remember, I live in France... if I consider all the money I give to my government, yes, it's sure, I MUST be French.

If you click the green arrow and zoom in in Google Maps, you'll find your way to Lille (also called Rijsel in Belgium).

By the way, it's only 15 mins from Belgium...

Well I'm off-topic, dear admins, please excuse this parenthesis...

----------

