
OpenLDAP 2.2.13-2: slapd will not bind to port



Ladies & Gentlemen,

I am trying to configure OpenLDAP on CentOS 4 and am having a little problem. Perhaps you can help.

The LDAP has been running fine for a number of weeks, however, it has recently stopped binding to port 389 (or any other port for that matter)

A netstat -nlp shows no slapd listener at all, which is consistent with the symptom (the full listing is included below).

Very little has changed on the box, some apache configuration, nothing that should have affected slapd.

So I have done rpm -e on all the openldap packages and then reinstalled them all using rpm -i. (Note that removing and reinstalling the packages does not touch the database directory itself — /var/lib/ldap in the config below — so a problem in the BDB environment there would survive the reinstall.)

Still the symptom persists. I have run slapd in debugging mode; the output is attached below, along with everything else I can think to add at this time.

Hopefully someone has a good suggestion.

Kind regards,

Adam.

PS. Even if you cannot help, I would be interested to see the output of a debug run from a 'working' slapd, so I can compare it to my broken debug output. So if you have a working config, please run the debug (syntax below) and pass it on — but scrub any rootpw or other credentials first, because at -d -1 slapd echoes every slapd.conf line into the log.

RPM

[root@niab ~]# rpm -qa | grep openldap
openldap-clients-2.2.13-2
openldap-devel-2.2.13-2
openldap-2.2.13-2
openldap-servers-2.2.13-2
[root@niab ~]#

UNAME

[root@niab ~]# uname -a
Linux niab.niab.local 2.6.9-5.0.5.ELsmp #1 SMP Wed Apr 20 00:16:40 BST 2005 i686 i686 i386 GNU/Linux
[root@niab ~]#

SLAPD.CONF

[root@niab ~]# cat /etc/openldap/slapd.conf
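#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootdn credential
# (see rootpw below).  Keep it owned by root:ldap, mode 0640 or tighter.
#
# NOTE(review): slapd.conf(5) treats any line that begins with white space
# as a continuation of the previous line -- even when the previous line is
# a comment.  A directive that is accidentally indented is therefore folded
# into the comment above it and silently ignored.  Every directive in this
# file must start in column 0.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

# Allow LDAPv2 client connections.  This is NOT the default.
#allow bind_v2


# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
# NOTE(review): no access directive is active in this file, so the
# default policy above is what is in force -- every entry, including
# any userPassword values stored in it, is readable by anonymous clients.
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=my-domain,dc=com"
rootdn          "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#
# rootpw MUST start in column 0.  If it is indented by even one space it
# becomes a continuation of the comment line before it (see the note at
# the top of this file) and no rootpw is configured at all; a simple bind
# as the rootdn would then be refused unless an entry for that DN with a
# userPassword exists in the database.
# TODO(review): replace the cleartext value with the {SSHA} hash printed
# by slappasswd(8) before this directory is exposed to clients.  Remember
# that a "slapd -d -1" run echoes every config line, this one included,
# into the debug log, so scrub the log before sharing it.
rootpw          secret
# rootpw                {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM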
[root@niab ~]#



TESTING (slapd started by hand from a root shell; note that this invocation runs it as root with no -u/-g switches, so if the regular init script runs it as the ldap user, any files this run creates under /var/lib/ldap will be root-owned and must be chowned back before the service is started normally)

[root@niab ~]# /usr/sbin/slapd -h ldap:/// -d -1 2> /var/log/slapd.out

[root@niab ~]# ps -ef | grep slapd
root      2903  2853  0 08:25 pts/2    00:00:00 /usr/sbin/slapd -h ldap:/// -d -1
root      2992  2904  0 08:52 pts/3    00:00:00 grep slapd

[root@niab ~]# 

[root@niab ~]# netstat -npl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:2049                0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:32769               0.0.0.0:*                   LISTEN      1514/rpc.statd
tcp        0      0 0.0.0.0:32770               0.0.0.0:*                   LISTEN      -
tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN      1925/smbd
tcp        0      0 0.0.0.0:683                 0.0.0.0:*                   LISTEN      1778/rpc.mountd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1494/portmap
tcp        0      0 192.168.0.131:53            0.0.0.0:*                   LISTEN      2000/named
tcp        0      0 192.168.0.130:53            0.0.0.0:*                   LISTEN      2000/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2000/named
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      1805/vsftpd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1686/cupsd
tcp        0      0 0.0.0.0:3128                0.0.0.0:*                   LISTEN      1887/(squid)
tcp        0      0 0.0.0.0:664                 0.0.0.0:*                   LISTEN      1756/rpc.rquotad
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2000/named
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      1820/exim
tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN      1925/smbd
tcp        0      0 :::993                      :::*                        LISTEN      1669/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      1669/dovecot
tcp        0      0 :::80                       :::*                        LISTEN      2062/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1727/sshd
tcp        0      0 :::25                       :::*                        LISTEN      1820/exim
tcp        0      0 :::443                      :::*                        LISTEN      2062/httpd
udp        0      0 0.0.0.0:32768           0.0.0.0:*                           1514/rpc.statd
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
udp        0      0 0.0.0.0:514             0.0.0.0:*                           1469/syslogd
udp        0      0 0.0.0.0:32771           0.0.0.0:*                           -
udp        0      0 0.0.0.0:32772           0.0.0.0:*                           1887/(squid)
udp        0      0 0.0.0.0:32773           0.0.0.0:*                           2000/named
udp        0      0 192.168.0.130:137       0.0.0.0:*                           1929/nmbd
udp        0      0 192.168.0.131:137       0.0.0.0:*                           1929/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1929/nmbd
udp        0      0 192.168.0.130:138       0.0.0.0:*                           1929/nmbd
udp        0      0 192.168.0.131:138       0.0.0.0:*                           1929/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           1929/nmbd
udp        0      0 0.0.0.0:1812            0.0.0.0:*                           1855/radiusd
udp        0      0 0.0.0.0:1813            0.0.0.0:*                           1855/radiusd
udp        0      0 0.0.0.0:661             0.0.0.0:*                           1756/rpc.rquotad
udp        0      0 0.0.0.0:1814            0.0.0.0:*                           1855/radiusd
udp        0      0 127.0.0.1:32793         0.0.0.0:*                           2990/smbd
udp        0      0 0.0.0.0:680             0.0.0.0:*                           1778/rpc.mountd
udp        0      0 192.168.0.131:53        0.0.0.0:*                           2000/named
udp        0      0 192.168.0.130:53        0.0.0.0:*                           2000/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2000/named
udp        0      0 0.0.0.0:3130            0.0.0.0:*                           1887/(squid)
udp        0      0 0.0.0.0:842             0.0.0.0:*                           1514/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1494/portmap
udp        0      0 0.0.0.0:631             0.0.0.0:*                           1686/cupsd
udp        0      0 :::32774                :::*                                2000/named


DEBUG OUTPUT (first 50 lines; the rest is available on request). Note that the daemon reported "2 listeners opened" before it began reading the config, so the sockets were created and bound, but slapd does not call listen() on them until the rest of start-up (config parsing, backend and database open) has completed, and a bound-but-not-listening socket does not appear in netstat -l. Since netstat still showed nothing 27 minutes after the start (08:25 vs 08:52), start-up evidently never finished — the last lines of the log, not the first, are the ones that show where it stopped. Before posting the rest of the log, scrub it: at -d -1 slapd echoes every slapd.conf line, including rootpw.

[root@niab ~]# head -n 50 /var/log/slapd.out
@(#) $OpenLDAP: slapd 2.2.13 (Feb 21 2005 17:26:02) $
        buildcentos@bhrama.build.karan.org:/home/buildcentos/building/BUILD/openldap-2.2.13/openldap-2.2.13/build-servers/s ervers/slapd
daemon_init: ldap:///
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_initialize: initialize BDB backend
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
reading config file /etc/openldap/slapd.conf
line 5 (include         /etc/openldap/schema/core.schema)
reading config file /etc/openldap/schema/core.schema
line 77 (attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ))
line 86 (attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known  by' SUP name ))
line 92 (attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch S UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ))
line 96 (attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-3166 country 2-letter code' SUP name SINGLE- VALUE ))
line 100 (attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP nam e ))
line 104 (attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object re sides in' SUP name ))
line 110 (attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 114 (attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name ))
line 118 (attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object be longs to' SUP name ))
line 122 (attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ))
line 128 (attributetype ( 2.5.4.13 NAME 'description' DESC 'RFC2256: descriptive information' EQUALITY caseIgnoreMatch SUBS TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ))
line 133 (attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, obsoleted by enhancedSearchGuide' SYNTAX  1.3.6.1.4.1.1466.115.121.1.25 ))
line 139 (attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBST R caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 145 (attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 151 (attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnore SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 157 (attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR cas eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ))
line 163 (attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY  caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ))
line 169 (attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SU BSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ))
line 173 (attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ))
line 177 (attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3. 6.1.4.1.1466.115.121.1.51 ))
line 181 (attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Numbe r' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ))
line 187 (attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR nume ricStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ))
line 193 (attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numeri cStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ))
line 198 (attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYN TAX 1.3.6.1.4.1.1466.115.121.1.41 ))
line 204 (attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMat ch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ))
line 209 (attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1. 4.1.1466.115.121.1.14 SINGLE-VALUE ))
line 215 (attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAdd ressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE ))
line 220 (attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALIT Y objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ))
line 224 (attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName ))
line 228 (attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName ))
line 232 (attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName ))
line 236 (attributetype ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC2256: DN of related object' SUP distinguishedName ))
line 249 (attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY cert ificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ))
[root@niab ~]#