Problem: LDAP Service Does Not Start


The LDAP service does not start on a server causing multiple issues.


Step 1 Identify the reason

An attempt to start the service manually through systemctl restart slapd does not succeed and journalctl -xe shows the following lines:

Mär 10 15:32:46 ucs slapd[30026]: @(#) $OpenLDAP: slapd  (Nov 26 2019 12:59:58) $
                                                    Debian OpenLDAP Maintainers <>
Mär 10 15:32:46 ucs slapd[30026]: Loaded metadata from "/usr/share/univention-management-console/saml/idp/ucs-sso.multi.ucs.xml
Mär 10 15:32:46 ucs1-backup3 slapd[30026]: /etc/ldap/slapd.conf: line 354: unknown style "16.100.96" in by clause
Mär 10 15:32:46 ucs1-backup3 slapd[30026]: <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+

The later two lines indicate a syntax error in the configuration file of the service.

Step 2 rewrite configuration file

If the file has been modified manually, a rewrite through ucr commit /etc/ldap/slapd.conf should fix it.

Step 3

Check the configuration file manually.
Look for the mentioned line from step 1 and compare to a valid one in the same file:

   by peername.ip=ldap/acl/read/ips: read
   by peername.ip= read

Note the additonal string "ldap/acl/read/ips: " in the above line which causes the service to fail.

Step 4 fix the ucr variable

Check the variables

ucr get ldap/acl/read/ips
ldap/acl/read/ips: ldap/acl/read/ips:,,,

The variable contains its own string where it should have only IP ranges.
ucr set ldap/acl/read/ips=",,,"

Step 5 Start the service

Restart the service: systemctl restart slapd