Can't contact LDAP server (running but not listening)

Hello There

Today I wanted to upgrade Univention to the new version 4.4-7.
Unfortunately, I’m no longer able to log in to the web interface.

When I checked the logs, I got the error

// management-console-server.log
Canonicalization of username was not possible: {'desc': "Can't contact LDAP server"}  

// mail.log
postfix/cleanup[8180]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server  

// univention-ldapsearch
ldap_start_tls: Can't contact LDAP server (-1)
ldap_start_tls: Can't contact LDAP server (-1)

I have now been searching and trying things for hours but just could not find a solution to the problem.

The server tells me it’s running and does not seem to have problems.

root@ucs:/etc/univention/templates/files/etc/ldap# systemctl status slapd.service
● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; generated; vendor preset: enabled)
   Active: active (exited) since Tue 2020-12-01 17:12:12 CET; 5min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 7379 ExecStop=/etc/init.d/slapd stop (code=exited, status=0/SUCCESS)
  Process: 7385 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)

Dec 01 17:12:12 ucs systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Dec 01 17:12:12 ucs systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).

Update: 18:28 (01.12.2020)
It seems like the service is not listening on the expected ports.
(Actually it does not listen at all on any port).
Unfortunately, I cannot find a solution for that issue either.

I also executed the update through the terminal again and rebooted the machine several times, but no luck. It would be really helpful if someone here could help me with this.

At the beginning, apache2 didn’t start either. It was blaming a missing file univention-udm.conf in sites-available. But that one I could solve by creating an empty file (if this is the correct way)?

German would also be OK.

What’s the output of ss -4lntp | grep slapd (-4: IPv4 only, -l: listening ports, -n: don’t resolve numeric statements, -p: show processes)?

You could also use netstat -tlpen | grep slapd instead. Or lsof -i | grep slapd.

Unfortunately nothing.
It does not see a slapd process there.

Well, then it’s not running. Please try systemctl restart slapd.service. And then check systemctl status slapd.service and one of those commands above.

Well, that’s exactly the problem.
It tells me the process is running, but nothing is listening.

No, it tells you the service is active but exited. This is how it looks when the service is running:
[Screenshot 2020-12-04 at 10.34.42]

I’d suggest manually walking through all the steps the init script does to launch slapd. There are several steps the script does where it might fail. In lines 211 to 214 the script launches the daemon. After that it stores the return value rvalue.

The part below # Bug #33993 shouldn’t be executed because you surely have no i686 architecture but x86_64, don’t you? But then, the script checks the return value. Your screenshot shows it returned 0 but still it isn’t running, so if the script is correct your config might be such that slapd does not need to run. If the script is wrong we can try to figure out where it fails and file a bug.

This is the command you’d need to execute.

start-stop-daemon --start --ppid 1 --exec /usr/sbin/slapd -- -h "ldapi:/// ldap://:7389/ ldaps://:7636/"

I already replaced $DAEMON and $uris with their respective contents. Please check if they have the same values in your init script. I assume so but better safe than sorry. Also, please systemctl stop slapd.service before issuing this command. I also removed the --quiet option as we want to see what happens.
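
Added example, not part of the thread or of the init script: a shell check that separates what systemctl reports from what is actually bound, using ports 7389 and 7636 from the -h list quoted above. The function names and the sample ss lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether slapd is really serving,
# from captured `systemctl status` and `ss -lntp` text.

# Print the state from the "Active:" line, e.g. "active (exited)".
unit_state() {
    sed -n 's/^ *Active: \([a-z]* ([^)]*)\).*/\1/p' | head -n 1
}

# Print the ports (given as arguments) that have no slapd listener in the
# `ss -lntp` text read from stdin.
missing_ports() {
    listing=$(cat)
    missing=""
    for port in "$@"; do
        if ! printf '%s\n' "$listing" | grep slapd | grep -Eq ":$port[[:space:]]"; then
            missing="$missing $port"
        fi
    done
    printf '%s\n' "${missing# }"
}

# diagnose STATUS_TEXT SS_TEXT: one-line verdict for ports 7389 and 7636,
# the ldap:// and ldaps:// ports in the -h list quoted in the thread.
diagnose() {
    state=$(printf '%s\n' "$1" | unit_state)
    gone=$(printf '%s\n' "$2" | missing_ports 7389 7636)
    if [ -z "$gone" ]; then
        echo "OK: slapd listening ($state)"
    else
        echo "DOWN: unit is '$state' but no slapd listener on: $gone"
    fi
}

# Constructed sample input: the Active: line from the thread with an empty
# listener table, then a constructed healthy pair for comparison.
STATUS_EXITED='   Active: active (exited) since Tue 2020-12-01 17:12:12 CET; 5min ago'
STATUS_RUNNING='   Active: active (running) since Tue 2020-12-01 17:12:12 CET; 5min ago'
SS_EMPTY=''
SS_HEALTHY='LISTEN 0 128 0.0.0.0:7389 0.0.0.0:* users:(("slapd",pid=900,fd=8))
LISTEN 0 128 0.0.0.0:7636 0.0.0.0:* users:(("slapd",pid=900,fd=10))'

diagnose "$STATUS_EXITED" "$SS_EMPTY"
diagnose "$STATUS_RUNNING" "$SS_HEALTHY"
```

On a live host the two arguments would be "$(systemctl status slapd.service)" and "$(ss -lntp)", run as root so that ss can show the owning process.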