Server Fault Asked by Jonas Hölscher on December 30, 2021
So I'm trying to get an LDAP server with an SSL certificate running. I need to change the config by modifying cn=config with ldapmodify and therefore cannot use a slapd.conf. It was quite hard finding proper guides on how to set it up this way... I'm relatively new to Linux...
Currently the slapd server is not starting and neither a systemctl status nor a journalctl had any information.
I think the problem is that for the SSL certificate I generated a key, so 2 .pem files, one as the cert and one as the key, and then I ran
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap.ldif
to load the config.
Content of ldap.ldif:
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldapcert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/keys/ldapkey.pem
-
add: olcTLSCipherSuite
olcTLSCipherSuite: TLSv1+RSA:!NULL
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
I had a typo in this file when I loaded it, and then the problem arose.
My question is: how can I load the new (typo-free) ldap.ldif file into the slapd server when it's shut down? When trying to run ldapmodify it says that it cannot make a connection to the LDAP server, which makes sense when it's offline.
To get more information when I try to start the server I ran the following command
/usr/sbin/slapd -h "ldapi:/// ldap://:7389/ ldaps://:7636/" -d -1
and got some more information (part of the output):
daemon: bind(8) failed errno=98 (Address already in use)
slap_open_listener: failed on ldapi:///
slapd stopped.
connections_destroy: nothing to destroy.
But I don't know what to do with this information and I didn't find similar problems on the internet.
I hope someone can help me!
Greetings, Jonas
The last output is actually telling you that something is using the port, so the slapd service is probably in limbo.
Kill the slapd process manually; you can use the suggestions in this answer,
or just a plain pgrep slapd
will give you the pid of the process which you gonna kill.
The command lsof +L1
or lsof -c slapd
may show you that slapd is touching some file (which means it's in limbo).
And I'm gonna pretend there isn't tlsv1 in your config ;)
Answered by Geeky Masters on December 30, 2021
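As an added example (not from the question or the answer above), the script below turns the answer's diagnosis into something repeatable: it classifies the "bind(8) failed errno=98" line from the `slapd -d -1` output, extracts the listener that could not be opened, checks that the corrected LDIF has a `-` separator between its `add:` directives before it is re-applied, and wraps the answer's recovery steps (pgrep/lsof, stop the stale process, restart, then `ldapmodify -Y EXTERNAL -H ldapi:///`) in a function that is only run on demand. The sample output and the function names are constructed for this example; `recover_slapd` assumes pgrep, lsof, systemctl and ldapmodify are installed on the host.

```shell
#!/bin/sh
# Added example: diagnose why slapd refuses to start and prepare the fix.
# Only POSIX sh, grep, sed and awk are needed for the diagnostic functions.

# Constructed sample of "slapd -d -1" output, modelled on the question's lines.
SAMPLE_OUTPUT='daemon: bind(8) failed errno=98 (Address already in use)
slap_open_listener: failed on ldapi:///
slapd stopped.
connections_destroy: nothing to destroy.'

# Print the listener URI slapd could not open (empty if none failed).
failed_listener() {
    printf '%s\n' "$1" | sed -n 's/^slap_open_listener: failed on \(.*\)$/\1/p' | head -n 1
}

# Classify the startup failure:
#   address-in-use   errno=98: a stale slapd or another process holds the socket
#   other-bind-error bind() failed for a different reason
#   no-bind-error    the output contains no bind() failure at all
classify_bind_failure() {
    if printf '%s\n' "$1" | grep -q 'bind(8) failed errno=98'; then
        echo address-in-use
    elif printf '%s\n' "$1" | grep -q 'bind(8) failed'; then
        echo other-bind-error
    else
        echo no-bind-error
    fi
}

# Sanity-check a cn=config LDIF before re-applying it: the record must start
# with "dn: cn=config" and every "add:" after the first must follow a "-" line
# (a missing separator is the classic typo in multi-attribute modify records).
# Returns 0 when the file passes, 1 otherwise.
check_config_ldif() {
    file=$1
    head -n 1 "$file" | grep -q '^dn: cn=config$' || return 1
    awk '
        /^add:/ { if (seen && prev != "-") bad = 1; seen = 1 }
        { prev = $0 }
        END { exit bad ? 1 : 0 }
    ' "$file"
}

# The answer's recovery steps, bundled so they run deliberately (not by default):
# show what slapd still holds, stop the stale process, restart the service and
# apply the corrected LDIF over the local ldapi:/// socket. Argument: LDIF path.
recover_slapd() {
    echo "Files/sockets held by slapd:"
    lsof -c slapd 2>/dev/null
    pids=$(pgrep slapd)
    if [ -n "$pids" ]; then
        echo "Stale slapd pid(s): $pids, stopping them"
        kill $pids
        sleep 2
    fi
    systemctl start slapd
    ldapmodify -Y EXTERNAL -H ldapi:/// -f "$1"
}

# Demonstration on the constructed sample; against a real host, feed the
# captured "slapd -d -1" output to the same functions.
echo "diagnosis: $(classify_bind_failure "$SAMPLE_OUTPUT") on $(failed_listener "$SAMPLE_OUTPUT")"
```

Run the diagnostic part as-is; call `recover_slapd /path/to/ldap.ldif` only after `check_config_ldif` passes, since a second malformed modify against cn=config is exactly how the question's situation arose.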