|
Hi Folks – I am getting the No PID file for openLDAP error when starting/stopping slapd.
run]# /etc/init.d/slapd stop slapd: [INFO] Using /etc/default/slapd for configuration slapd: [INFO] Halting OpenLDAP... slapd: [INFO] Can't read PID file, to stop OpenLDAP try: /etc/init.d/slapd forcestop [root@itds120 run]# /etc/init.d/slapd forcestop slapd: [INFO] Using /etc/default/slapd for configuration slapd: [INFO] Killing OpenLDAP with force... slapd: [INFO] Found no OpenLDAP process running with ldap://oldap.umt.edu:389 ldaps://oldap.umt.edu:636 slapd: [INFO] Killing OpenLDAP replication with force... slapd: [INFO] Found no slurpd process running [root@itds120 run]# ps -ea | grep slapd 6723 ? 00:00:00 slapd [root@itds120 run]# /etc/init.d/slapd start slapd: [INFO] Using /etc/default/slapd for configuration slapd: [INFO] Launching OpenLDAP configuration test... slapd: [OK] OpenLDAP configuration test successful slapd: [INFO] No db_recover done slapd: [INFO] Launching OpenLDAP... slapd: [OK] File descriptor limit set to 1024 slapd: [ALERT] No PID file for OpenLDAP [root@itds120 run]# ps -ea | grep slapd 6723 ? 00:00:00 slapd It seems to show that openLDAP is running on this box, but I can’t connect to it.
The slapd.conf file is attached. I see a lot of results about this error out there on the web, but most of the fixes like manually creating the pid file don’t seem to work. If anyone has any tips I can try, it would be greatly appreciated.
This is a standalone (test oldap, running 2.4.36) on redhat 6. Thanks in advance. Norman Singley Directory Services 406 243 6799 Norman.singley@mso.umt.edu |
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /u01/app/ldap/etc/openldap/schema/core.schema include /u01/app/ldap/etc/openldap/schema/cosine.schema include /u01/app/ldap/etc/openldap/schema/inetorgperson.schema include /u01/app/ldap/etc/openldap/schema/eduperson.schema include /u01/app/ldap/etc/openldap/schema/missoula.schema include /u01/app/ldap/etc/openldap/schema/ldappc.schema include /u01/app/ldap/etc/openldap/schema/ppolicy.schema # # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /u02/app/ldap/run/slapd.pid argsfile /u02/app/ldap/run/slapd.args #################################################################### # Logging added by Roger Holtom # loglevel conns filter ACL stats shell args #loglevel any # #################################################################### # Load dynamic backend modules: modulepath /u01/app/ldap/libexec/openldap #moduleload back_bdb.la moduleload back_hdb.la moduleload back_ldap.la moduleload syncprov.la # added by Roger Holtom 06/16/11 ####################################################################### # dynamic overlays to load ####################################################################### moduleload ppolicy.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # # added 07.17 to see if shibboleth works with unauthenticated binds allow bind_anon_dn # # ###################################################################### # TLS configuration added by Roger Holtom 05/11/12 ###################################################################### TLSCACertificateFile /etc/httpd/conf/ssl.crt/incommon-ca.crt #TLSCertificateFile /etc/httpd/conf/ssl.crt/oldap.umt.edu.crt TLSCertificateFile /etc/httpd/SAN-cert/ssl.crt/oldap-san.umt.edu.crt TLSCertificateKeyFile /etc/httpd/SAN-cert/ssl.key/oldap.umt.edu.key ###################################################################### # End of section added by Roger Holtom for TLS ###################################################################### # # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: access to dn.base="" by * read access to dn.base="cn=Subschema" by * read #access to dn.subtree="dc=umt,dc=edu" # by self write # by anonymous search # by * read #access to * # by self write # by anonymous auth # by * read # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! # ####################################################################### # ACL added by Roger Holtom ####################################################################### # access to attrs=userPassword by self write by anonymous auth by dn.exact="cn=pwadmin,ou=people,dc=umt,dc=edu" write # by self write # by groups.exact="cn=pwreset,ou=groups,dc=umt,dc=edu" write # by anonymous auth by * none # access to attrs=securityQuestion by self write by dn.exact="cn=pwadmin,ou=people,dc=umt,dc=edu" write by * none # access to attrs=securityAnswer by self write by dn.exact="cn=pwadmin,ou=people,dc=umt,dc=edu" write by * none # # unrem'd the next 3 lines 4-30-13 access to attrs=umid by self read by * none access to attrs=uid by * read access to attrs=cn by * read access to attrs=givenname by * read access to attrs=sn by * read access to * by self write by users read by * read # by * auth # by self write # by users read # by anonymous auth # by users read # by anonymous auth # ####################################################################### # end of ACL ####################################################################### ############################################################# # un-rem these lines when converting to cn=config DB instead # of slapd.conf ############################################################# #database config #rootdn "cn=admin,cn=config" #rootpw config-ds ############################################################# ####################################################################### # BDB database definitions ####################################################################### serverID 1 database hdb suffix "dc=umt,dc=edu" rootdn "cn=Manager,dc=umt,dc=edu" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw ********** # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /u02/app/ldap/openldap-data overlay ppolicy ppolicy_default "cn=-default,ou=policies,dc=umt,dc=edu" # added by Roger Holtom 02.12.13 to see if this hashes passwords on new # records added to the directory. Also, see what effect this has on the # backup files # # The backup done on Feb. 12 at 11:40 was done just before I made this # configuration change. # ppolicy_hash_cleartext # Indices to maintain index objectClass eq # ###################################################################### # Inices added by Roger Holtom BE SURE TO RE-INDEX after changing! ###################################################################### index uid,entryUUID,entryCSN eq index cn eq,sub index employeeNumber eq index umid eq # ########## END OF UM INDICES ###################################################################### # Enable Monitoring # added by Roger Holtom 05.15.13 ###################################################################### #database monitor # allow only rootdn to read the monitor #access to * # by dn.exact="cn=admin,cn=config" read # by * none ###################################################################### # end of monitoring section ###################################################################### # # REPLICATION # #syncrepl rid=001 \ #provider=ldap://oldapn2.umt.edu:389 \ #type=refreshAndPersist \ #interval=00:00:01:00 \ #searchbase="dc=umt,dc=edu" \ #scope=sub \ #attrs="*,+" \ #schemachecking=off \ #bindmethod=simple \ #binddn="cn=Manager,dc=umt,dc=edu" \ #credentials=prod_itds117 # #mirrormode TRUE # #overlay syncprov # #syncprov-checkpoint 100 10