# OpenLDAP unable to start slapd [SOLVED]

## NismoC32

I have emerged OpenLDAP and phpldapadmin.

I then configured the ldap.conf and slapd.conf using the Gentoo howto: http://www.gentoo.org/doc/en/ldap-howto.xml

as a guide.

But when i try to start the slapd deamon I get this error:

 *Quote:*   

> fserver ~ # /etc/init.d/slapd start
> 
>  * Starting ldap-server ...
> 
>  * start-stop-daemon: failed to start `/usr/lib64/openldap/slapd'         [ !! ]
> ...

 

When I run the slaptest I get this:

 *Quote:*   

> fserver ~ # slaptest
> 
> 51dd4ac4 hdb_db_open: database "dc=nismoc32,dc=local": db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or directory (2).
> 
> 51dd4ac4 backend_startup_one (type=hdb, suffix="dc=nismoc32,dc=local"): bi_db_open failed! (2)
> ...

 

If I use the -u switch it reports everything is OK.

 *Quote:*   

> fserver ~ # slaptest -u
> 
> config file testing succeeded

 

My emerge --info data:

```
Portage 2.1.12.2 (hardened/linux/amd64, gcc-4.6.3, glibc-2.15-r3, 3.8.13-gentoo x86_64)

=================================================================

System uname: Linux-3.8.13-gentoo-x86_64-AMD_FX-tm-8350_Eight-Core_Processor-with-gentoo-2.2

KiB Mem:    32866180 total,   1280320 free

KiB Swap:          0 total,         0 free

Timestamp of tree: Wed, 10 Jul 2013 07:30:01 +0000

ld GNU ld (GNU Binutils) 2.23.1

app-shells/bash:          4.2_p45

dev-java/java-config:     2.1.12-r1

dev-lang/python:          2.7.5, 3.2.5-r1

dev-util/cmake:           2.8.10.2-r2

dev-util/pkgconfig:       0.28

sys-apps/baselayout:      2.2

sys-apps/openrc:          0.11.8

sys-apps/sandbox:         2.6-r1

sys-devel/autoconf:       2.13, 2.69

sys-devel/automake:       1.11.6, 1.12.6

sys-devel/binutils:       2.23.1

sys-devel/gcc:            4.6.3

sys-devel/gcc-config:     1.7.3

sys-devel/libtool:        2.4-r1

sys-devel/make:           3.82-r4

sys-kernel/linux-headers: 3.7 (virtual/os-headers)

sys-libs/glibc:           2.15-r3

Repositories: gentoo espenaf

ACCEPT_KEYWORDS="amd64"

ACCEPT_LICENSE="*"

CBUILD="x86_64-pc-linux-gnu"

CFLAGS="-march=native -O2 -pipe"

CHOST="x86_64-pc-linux-gnu"

CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/polkit-1/actions /usr/share/themes/oxygen-gtk/gtk-2.0 /var/bind"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"

CXXFLAGS="-march=native -O2 -pipe"

DISTDIR="/usr/portage/distfiles"

FCFLAGS="-O2 -pipe"

FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch xattr"

FFLAGS="-O2 -pipe"

GENTOO_MIRRORS="http://distfiles.gentoo.org"

LANG="nb_NO.UTF-8"

LDFLAGS="-Wl,-O1 -Wl,--as-needed"

MAKEOPTS="-j6"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/var/lib/layman/espenaf"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="3dnow X a52 aac acl acpi amd64 avahi berkdb browserplugin bzip2 cairo cdb cdr cli consolekit cracklib crypt cxx dba dbus dri dvd dvdr dvdread ftp g3dvl gd gdbm gles gles2 gpm hardened iconv ieee1394 imagemagick ipv6 jpeg jpeg2k justify kde kde4 lm_sensors logitech-mouse mdnsresponder-compat mhash mime mmx modules mozilla mozsvg mudflap multilib mysql ncurses nfs nls nptl nptlonly nsplugin opengl openmp pam pax_kernel pcre pdf plasma pmu policykit qt3support qt4 rar readline rss samba server session sharedmem slang sockets sql sse sse2 sse3 ssl ssse3 static-libs svg tcpd truetype typ1-fonts udev unicode urandom utf8 vdpau webkit zeroconf zip zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
```

This is my slapd.conf file:

```
#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

include         /etc/openldap/schema/core.schema

include         /etc/openldap/schema/cosine.schema

include         /etc/openldap/schema/inetorgperson.schema

include         /etc/openldap/schema/nis.schema

include         /etc/openldap/schema/misc.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid

argsfile        /var/run/openldap/slapd.args

loglevel        0

# Load dynamic backend modules:

# modulepath    /usr/lib64/openldap/openldap

# moduleload    back_sock.so

# moduleload    back_shell.so

# moduleload    back_relay.so

# moduleload    back_passwd.so

# moduleload    back_null.so

# moduleload    back_monitor.so

# moduleload    back_meta.so

# moduleload    back_ldap.so

# moduleload    back_dnssrv.so

# Sample security restrictions

#       Require integrity protection (prevent hijacking)

#       Require 112-bit (3DES or better) encryption for updates

#       Require 63-bit encryption for simple bind

# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:

#       Subschema (sub)entry DSE: allow anyone to read it

#       Other DSEs:

#               Allow self write access

#               Allow authenticated users read access

#               Allow anonymous users to authenticate

#       Directives needed to implement policy:

access to dn.base="" by * read

access to dn.base="cn=Subschema" by * read

access to *

        by self write

        by users read

        by anonymous auth

# if no access controls are present, the default policy

# allows anyone and everyone to read anything but restricts

# updates to rootdn.  (e.g., "access to * by * read")

#

# rootdn can always read and write EVERYTHING!

#######################################################################

# BDB database definitions

#######################################################################

database        hdb

suffix          "dc=nismoc32,dc=local"

#               <kbyte> <min>

checkpoint      32      30

rootdn          "cn=admin,dc=nismoc32,dc=local"

rootpw          result fom slappasswrd

directory       /var/lib/openldap-data

# Indices to maintain

index   objectClass     eq
```

My /etc/openldap/ldap.conf:

```
#

# LDAP Defaults

#

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

BASE    dc=nismoc32,dc=local

#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

URI     ldap://localhost

#SIZELIMIT      12

TIMELIMIT       15

TLS_REQCERT     allow

#DEREF          never
```

My USE flag for OpenLDAP:

```
[ebuild   R    ] net-nds/openldap-2.4.30  USE="berkdb crypt ipv6 samba sasl ssl syslog tcpd -cxx -debug -experimental -gnutls -icu -iodbc -kerberos -minimal -odbc -overlays -perl (-selinux) -slp -smbkrb5passwd" 0 kB
```

The /var/lib/openldap-data folder was created by portage and has the correct owner and rights.

I have searched for a solution on this problem online but havent had any luck so far.

Is there anyone here who can shed some light on whats wrong   :Question: Last edited by NismoC32 on Sun Jul 14, 2013 10:15 pm; edited 1 time in total

----------

## hika

Have you set the ownership of both /etc/openldap and /var/lib/openldap-data and its contents to ldap.ldap.

Also check if /run/openldap exists.

Hika

----------

## NismoC32

Thanks for the input hika.

It turns out that the owner for the files in the openvpn-data was owned by root, despite the folder was owned by ldap.

After I changed the owner/user to ldap for all the files under the /var/lib/openldap-data folder everything worked.

Thanks.

----------

## hika

That happens always when you add ldifs with slapadd, for it runs as root. Slaptest won't complain for you also run it as root.

So always after you add data wih slapadd, reset the ownership! It's a quit standard starter fault.

Hika

----------

