OpenLDAP won't start and won't log why


Solution 1

Here are some ideas for additional debugging. These are only necessary if you're absolutely positive it's not a permission problem...

First, try running slapd in debug mode:

slapd -u ldap -g ldap -d 65

Note that the argument to -d is a bit field, values for which can be found in the slapd.conf man page (look for loglevel). 65 is trace + config, which is usually sufficiently verbose for this sort of problem. This may or may not show you anything useful.

If that doesn't work, we can use strace (a system call tracer) to figure out exactly what's going on. Run slapd like this:

strace -o /tmp/trace -f -s 1024 slapd -u ldap -g ldap -d 7

When it dies, you'll have a file /tmp/trace containing all the system calls from slapd. For the curious, -f makes strace follow forks (not really necessary in this case, but it's my default), and -s 1024 makes strace print up to 1024 bytes of string arguments in the trace log.

Now, use grep to look for references to company.crt in this file. In theory you'll find something that looks like this if there is a permission problem:

open("/tmp/company.crt", O_RDONLY)      = -1 EACCES (Permission denied)

Or something like this if the file is missing:

open("/tmp/company.crt", O_RDONLY)      = -1 ENOENT (No such file or directory)

A successful open looks like this:

open("/tmp/company.crt", O_RDONLY)      = 3

Where that 3 is the file descriptor returned by open (and will probably be some other positive integer).

Take a look and see if something obvious jumps out. Let me know if that doesn't help.
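The grep-and-interpret step described in this answer, as an added example that is not part of the original post: a small POSIX shell script that searches an strace log for the open()/openat() calls on a given file and classifies the return value (descriptor, EACCES, ENOENT, other errno, or no attempt at all). The trace lines it runs against are constructed here to stand in for /tmp/trace; the PIDs and paths in them are made up.

```shell
#!/bin/sh
# Added example, not part of the original answer: triage an strace log for the
# open()/openat() calls on a given file and classify the result the way the
# answer describes (EACCES, ENOENT, or a returned file descriptor).

# Constructed sample trace, standing in for the /tmp/trace file written by
# "strace -o /tmp/trace -f -s 1024 slapd ...". PIDs and paths are made up.
make_sample_trace() {
  cat > "$1" <<'EOF'
2101  open("/etc/openldap/slapd.conf", O_RDONLY) = 3
2101  openat(AT_FDCWD, "/etc/openldap/cacerts/company.crt", O_RDONLY) = -1 EACCES (Permission denied)
2101  open("/etc/openldap/cacerts/missing.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

# classify_open TRACE FILE
# Prints one word for the last completed open()/openat() of FILE in TRACE:
#   ok      - the call returned a file descriptor
#   eacces  - permission denied (owner/mode wrong somewhere on the path)
#   enoent  - the file, or a directory on its path, does not exist
#   other   - some other errno (printed after the class for inspection)
#   none    - slapd never tried to open that file (check the path in slapd.conf)
classify_open() {
  trace=$1; file=$2
  # -F keeps the path literal (dots and slashes are not regex metacharacters);
  # the second grep keeps only open/openat calls that recorded a return value
  # (lines marked "<unfinished ...>" are dropped); tail keeps the final attempt.
  line=$(grep -F "\"$file\"" "$trace" | grep -E 'open(at)?\(.*\) = ' | tail -n 1)
  result=${line##*"= "}          # everything after the last "= " is the return value
  case $result in
    "-1 EACCES"*) echo eacces ;;
    "-1 ENOENT"*) echo enoent ;;
    -1*)          echo "other ${result#"-1 "}" ;;
    [0-9]*)       echo ok ;;
    *)            echo none ;;
  esac
}

# Stand-alone demonstration over the constructed trace.
trace_file=$(mktemp)
make_sample_trace "$trace_file"
for f in /etc/openldap/slapd.conf /etc/openldap/cacerts/company.crt \
         /etc/openldap/cacerts/missing.crt /etc/openldap/ldap.conf; do
  printf '%-45s %s\n' "$f" "$(classify_open "$trace_file" "$f")"
done
rm -f "$trace_file"
```

Against a real trace, call classify_open /tmp/trace /etc/openldap/cacerts/company.crt; a result of none is itself a finding, because it means slapd gave up before ever reaching the certificate, and the earlier lines of the trace (slapd.conf, the database directory) are where to look next.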

Solution 2

You shouldn't set /etc/openldap to 777. Permissions are necessary to make things work correctly sometimes. I would suggest changing it back to 755.

You might have the incorrect user and/or permissions on cacerts:

drwxr-xr-x 3 root root 4096 Apr 19 2007 cacerts/
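A way to check the ownership and mode question this answer raises without resorting to chmod 777, as an added example that is not part of the original post: a POSIX shell function that walks a path from the root down and reports the first directory the current user cannot enter (missing x bit) or the file it cannot read. The demonstration tree it builds under mktemp is constructed, not the real /etc/openldap.

```shell
#!/bin/sh
# Added example, not part of the original answer: walk a path from the root down
# and report the first component the current user cannot traverse or read.
# Run it as the service account (for example: su -s /bin/sh ldap -c 'sh check.sh')
# to see the filesystem the way slapd does when it opens the certificate.
# Note: root passes -r/-x regardless of mode, so the check only means something
# when run as the unprivileged user named in the warning.

# first_denied_component PATH
# Prints the first directory on PATH that lacks search (x) permission for this
# user, or PATH itself if it exists but is not readable, and returns 1.
# Prints nothing and returns 0 when every component is accessible.
first_denied_component() {
  target=$1
  case $target in /*) ;; *) target=$PWD/$target ;; esac   # absolute paths only
  case $target in ?*/) target=${target%/} ;; esac          # drop a trailing slash
  cur=""
  old_ifs=$IFS
  IFS=/
  set -- $target          # split the path into its components on "/"
  IFS=$old_ifs
  for part in "$@"; do
    [ -z "$part" ] && continue      # empty field before the leading "/" (or "//")
    cur="$cur/$part"
    if [ "$cur" = "$target" ]; then
      # final component: must exist and be readable (the file, or the directory itself)
      [ -r "$cur" ] || { echo "$cur"; return 1; }
    else
      # intermediate directory: must exist and allow traversal (x bit)
      [ -d "$cur" ] && [ -x "$cur" ] || { echo "$cur"; return 1; }
    fi
  done
  return 0
}

# Stand-alone demonstration on a constructed tree (not the real /etc/openldap).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/openldap/cacerts"
: > "$demo_root/openldap/cacerts/company.crt"
for p in "$demo_root/openldap/cacerts/company.crt" \
         "$demo_root/openldap/missing/company.crt"; do
  if denied=$(first_denied_component "$p"); then
    printf '%s: readable by %s\n' "$p" "$(id -un)"
  else
    printf '%s: blocked at %s\n' "$p" "$denied"
  fi
done
rm -rf "$demo_root"
```

On the server in question, running first_denied_component /etc/openldap/cacerts/company.crt as the ldap user pinpoints the one directory or file whose owner or mode needs fixing; the fix is then a targeted chown/chmod of that component (755 for directories, 644 for the public certificate), not a recursive 777.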

Author: Jake Wilson

Updated on September 18, 2022

Comments

  • Jake Wilson
    Jake Wilson over 1 year

    Recently needed to restart OpenLDAP on one of our servers. When I restart the service, the command prompt just sits there waiting for something. I never get the [ OK ]. If I CTRL+C out of it, it says

    ...killed.
    /etc/openldap/cacerts/company.crt is not readable by "ldap[WARNING]

    Just to prove a point, I made /etc/openldap 777 recursively. I still get the error.

    I don't see anything in /var/log changing to give me some feedback. Where do I need to look to fix this?

    This is an old server running Fedora 8 (ya I know, blame the previous IT guy).

    • Kyle Smith
      Kyle Smith almost 13 years
      Is SELinux enabled? This smells like SELinux.
    • Jake Wilson
      Jake Wilson almost 13 years
      SELinux status: disabled
    • Anarko_Bizounours
      Anarko_Bizounours almost 13 years
      Did you check with a ps that your service isn't running? Might be a zombie there, and that's why you can't restart the openldap service.