[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OPENLDAP UPGRADE

Hi John,

It seems that an application is already listening on standard port, 389
or 636 I guess...

Just find which application and turn it down, then restart your server
again.


Regards,
David

Le 18/12/2013 17:05, Borresen, John - 0442 - MITLL a écrit :
> In the process of upgrading to 2.4.38 (was able to work with the LTB group to resolve the repo issue there), created a slapd.conf, and converted to the slapd.d format successfully.  - this is initially on a test server.  Most of the slapd.conf was migrated over from the 2.4.23 configuration that is currently in production.
> 
> When starting slapd, receiving the following (and slapd does not start):
> 
> # /usr/local/openldap/libexec/slapd -u ldap -d 1 -F /usr/local/openldap/etc/openldap/slapd.d
> 52b1c516 @(#) $OpenLDAP: slapd 2.4.38 (Nov 27 2013 13:40:34) $
>         clement@localhost.localdomain:/home/clement/build/BUILD/openldap-2.4.38/servers/slapd
> ldap_pvt_gethostbyname_a: host=<server_name>, r=0
> 52b1c516 daemon_init: listen on ldap:///
> 52b1c516 daemon_init: 1 listeners to open...
> ldap_url_parse_ext(ldap:///)
> 52b1c516 daemon: bind(7) failed errno=98 (Address already in use)
> 52b1c516 daemon: bind(7) failed errno=98 (Address already in use)
> 52b1c516 slap_open_listener: failed on ldap:///
> 52b1c516 slapd stopped.
> 52b1c516 connections_destroy: nothing to destroy.
> 
> 
> Here is my slapd.conf:
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include         /usr/local/openldap/etc/openldap/schema/core.schema
> #
> ## Added to support the inetOrgPerson objectClass
> include         /usr/local/openldap/etc/openldap/schema/cosine.schema
> include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
> include         /usr/local/openldap/etc/openldap/schema/java.schema
> include         /usr/local/openldap/etc/openldap/schema/misc.schema
> include         /usr/local/openldap/etc/openldap/schema/nis.schema
> include         /usr/local/openldap/etc/openldap/schema/openldap.schema
> # include               /usr/local/openldap/etc/openldap/pmi.schema
> include         /usr/local/openldap/etc/openldap/schema/ppolicy.schema
> include         /usr/local/openldap/etc/openldap/schema/2307bis.schema
> include         /usr/local/openldap/etc/openldap/schema/printers.schema
> 
> # Define global ACLs to disable default read access.
> 
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
> referral        ldap://<server_name>.test.ldap
> 
> pidfile         /var/lib/openldap/run/slapd.pid
> argsfile        /var/lib/openldap/run/slapd.args
> 
> # Load dynamic backend modules:
> # modulepath    /usr/local/openldap/libexec/openldap
> # moduleload    back_bdb.la
> # moduleload    back_hdb.la
> # moduleload    back_ldap.la
> 
> # Sample security restrictions
> #       Require integrity protection (prevent hijacking)
> #       Require 112-bit (3DES or better) encryption for updates
> #       Require 63-bit encryption for simple bind
> # security ssf=1 update_ssf=112 simple_bind=64
> 
> # Sample access control policy:
> #       Root DSE: allow anyone to read it
> #       Subschema (sub)entry DSE: allow anyone to read it
> #       Other DSEs:
> #               Allow self write access
> #               Allow authenticated users read access
> #               Allow anonymous users to authenticate
> #       Directives needed to implement policy:
> # access to dn.base="" by * read
> # access to dn.base="cn=Subschema" by * read
> access to *
>         by self write
>         by users read
>         by anonymous auth
> #
> # if no access controls are present, the default policy
> # allows anyone and everyone to read anything but restricts
> # updates to rootdn.  (e.g., "access to * by * read")
> #
> # rootdn can always read and write EVERYTHING!
> 
> #######################################################################
> # BDB database definitions
> #######################################################################
> 
> database        config
> rootdn          "cn=admin,cn=config"
> rootpw          {SSHA}_________________________
> 
> database        bdb
> suffix          "dc=test,dc=ldap"
> rootdn          "cn=ldapadmin,dc=test,dc=ldap"
> # Cleartext passwords, especially for the rootdn, should
> # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw          {SSHA}_________________________
> 
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory       /var/lib/openldap/openldap-data
> # Indices to maintain
> index   objectClass             eq
> index   cn,sn,mail              eq,sub
> index   departmentNumber        eq
> index   automountKey            eq
> index   entryCSN                eq
> index   entryUUID               eq
> index   gidNumber,memberUID     eq
> index   uid                     eq
> index   uidNumber,printerURI    eq
> 
> 
> John D. Borresen (Dave)
> Linux/Unix Systems Administrator
> MIT  Lincoln Laboratory
> Surveillance Systems Group
> 244 Wood St
> Lexington, MA  02420
> Ph: (781) 981-1609
> Email: john.borresen@ll.mit.edu<mailto:john.borresen@ll.mit.edu>
> 
>