OpenLDAP 2.2.13-2: slapd will not bind to port
Ladies & Gentlemen,
I am trying to configure OpenLDAP on CentOS 4 and am having a little problem. Perhaps you can help.
The LDAP server has been running fine for a number of weeks; however, it has recently stopped binding to port 389 (or any other port, for that matter).
A netstat -nlp does not show slapd listening, although you would expect it to.
Very little has changed on the box, some apache configuration, nothing that should have affected slapd.
So, I have done rpm -e on all the openldap packages, and then reinstalled them all using rpm -i.
Still the symptom persists. I have run slapd in debugging mode; the output is attached below, along with everything else I can think to add at this time.
Hopefully someone has a good suggestion.
Kind regards,
Adam.
PS. Even if you cannot help, I would be interested to see the output of a debug from a 'working' slapd, so I can compare it to my broken debug. So if you have a working config, please run the debug (syntax below) and pass it on.
RPM
[root@niab ~]# rpm -qa | grep openldap
openldap-clients-2.2.13-2
openldap-devel-2.2.13-2
openldap-2.2.13-2
openldap-servers-2.2.13-2
[root@niab ~]#
UNAME
[root@niab ~]# uname -a
Linux niab.niab.local 2.6.9-5.0.5.ELsmp #1 SMP Wed Apr 20 00:16:40 BST 2005 i686 i686 i386 GNU/Linux
[root@niab ~]#
SLAPD.CONF
[root@niab ~]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Allow LDAPv2 client connections. This is NOT the default.
#allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
[root@niab ~]#
TESTING
[root@niab ~]# /usr/sbin/slapd -h ldap:/// -d -1 2> /var/log/slapd.out
[root@niab ~]# ps -ef | grep slapd
root 2903 2853 0 08:25 pts/2 00:00:00 /usr/sbin/slapd -h ldap:/// -d -1
root 2992 2904 0 08:52 pts/3 00:00:00 grep slapd
[root@niab ~]#
[root@niab ~]# netstat -npl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN 1514/rpc.statd
tcp 0 0 0.0.0.0:32770 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1925/smbd
tcp 0 0 0.0.0.0:683 0.0.0.0:* LISTEN 1778/rpc.mountd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1494/portmap
tcp 0 0 192.168.0.131:53 0.0.0.0:* LISTEN 2000/named
tcp 0 0 192.168.0.130:53 0.0.0.0:* LISTEN 2000/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2000/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1805/vsftpd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1686/cupsd
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 1887/(squid)
tcp 0 0 0.0.0.0:664 0.0.0.0:* LISTEN 1756/rpc.rquotad
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2000/named
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1820/exim
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1925/smbd
tcp 0 0 :::993 :::* LISTEN 1669/dovecot
tcp 0 0 :::143 :::* LISTEN 1669/dovecot
tcp 0 0 :::80 :::* LISTEN 2062/httpd
tcp 0 0 :::22 :::* LISTEN 1727/sshd
tcp 0 0 :::25 :::* LISTEN 1820/exim
tcp 0 0 :::443 :::* LISTEN 2062/httpd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 1514/rpc.statd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:514 0.0.0.0:* 1469/syslogd
udp 0 0 0.0.0.0:32771 0.0.0.0:* -
udp 0 0 0.0.0.0:32772 0.0.0.0:* 1887/(squid)
udp 0 0 0.0.0.0:32773 0.0.0.0:* 2000/named
udp 0 0 192.168.0.130:137 0.0.0.0:* 1929/nmbd
udp 0 0 192.168.0.131:137 0.0.0.0:* 1929/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 1929/nmbd
udp 0 0 192.168.0.130:138 0.0.0.0:* 1929/nmbd
udp 0 0 192.168.0.131:138 0.0.0.0:* 1929/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 1929/nmbd
udp 0 0 0.0.0.0:1812 0.0.0.0:* 1855/radiusd
udp 0 0 0.0.0.0:1813 0.0.0.0:* 1855/radiusd
udp 0 0 0.0.0.0:661 0.0.0.0:* 1756/rpc.rquotad
udp 0 0 0.0.0.0:1814 0.0.0.0:* 1855/radiusd
udp 0 0 127.0.0.1:32793 0.0.0.0:* 2990/smbd
udp 0 0 0.0.0.0:680 0.0.0.0:* 1778/rpc.mountd
udp 0 0 192.168.0.131:53 0.0.0.0:* 2000/named
udp 0 0 192.168.0.130:53 0.0.0.0:* 2000/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 2000/named
udp 0 0 0.0.0.0:3130 0.0.0.0:* 1887/(squid)
udp 0 0 0.0.0.0:842 0.0.0.0:* 1514/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 1494/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 1686/cupsd
udp 0 0 :::32774 :::* 2000/named
DEBUG OUTPUT (first 50 lines, the rest is available on request)
[root@niab ~]# head -n 50 /var/log/slapd.out
@(#) $OpenLDAP: slapd 2.2.13 (Feb 21 2005 17:26:02) $
buildcentos@bhrama.build.karan.org:/home/buildcentos/building/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/servers/slapd
daemon_init: ldap:///
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
reading config file /etc/openldap/slapd.conf
line 5 (include /etc/openldap/schema/core.schema)
reading config file /etc/openldap/schema/core.schema
line 77 (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 86 (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name ))
line 92 (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ))
line 96 (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE-VALUE ))
line 100 (attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP name ))
line 104 (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name ))
line 110 (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 114 (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name ))
line 118 (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name ))
line 122 (attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ))
line 128 (attributetype ( 2.5.4.13 NAME 'description' DESC 'RFC2256: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ))
line 133 (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, obsoleted by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ))
line 139 (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 145 (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 151 (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 157 (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 163 (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 169 (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ))
line 173 (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ))
line 177 (attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ))
line 181 (attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ))
line 187 (attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ))
line 193 (attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ))
line 198 (attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 204 (attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ))
line 209 (attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ))
line 215 (attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE ))
line 220 (attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ))
line 224 (attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName ))
line 228 (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName ))
line 232 (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName ))
line 236 (attributetype ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC2256: DN of related object' SUP distinguishedName ))
line 249 (attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ))
[root@niab ~]#