Problem:
slapd service is not starting
Investigation:
Start slapd manually with debug output (-d5) so the startup messages are printed to the terminal:
/usr/sbin/slapd -h 'ldapi:/// ldap://:7389/ ldaps://:7636/' -d5
If you find this kind of message at the end:
$ ipsecNFAReference $ ipsecISAKMPReference $ ipsecNegotiationPolicyReference $ ipsecFilterReference $ nextLevelStore $ managedBy $ ucsschoolClassShareFileServer $ univentionAbordnungMasterDn ) )
61825bd1 2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext $ pwdAttribute ) )
TLS: could not read DH parameters file `/etc/ldap/dh_2048.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line …/crypto/pem/pem_lib.c:686
61825bd1 main: TLS init def ctx failed: -1
61825bd1 slapd destroy: freeing system resources.
61825bd1 OVER: Dellog db_destroy
61825bd1 OVER: db_destroy
61825bd1 slapd stopped.
61825bd1 connections_destroy: nothing to destroy.
The line that points to the cause is:
TLS: could not read DH parameters file `/etc/ldap/dh_2048.pem'.
Check the file in /etc/ldap/:
ls -lah /etc/ldap/
insgesamt 100K
drwxr-xr-x 5 root root 4,0K Nov 3 10:49 .
drwxr-xr-x 141 root root 12K Nov 3 10:46 ..
-rw-r--r-- 1 root root 0 Nov 3 04:31 dh_2048.pem
If the file is 0 bytes, it has to be replaced with the default one.
Solution:
The slapd dh_2048.pem can be copied from /usr/share/univention-ldap/
ls -lah /usr/share/univention-ldap/
-rw-r--r-- 1 root root 424 Jun 29 13:22 dh_2048.pem
Copy the file and start slapd again:
root@ucs: cp /usr/share/univention-ldap/dh_2048.pem /etc/ldap/
root@ucs: systemctl start slapd
root@ucs: /usr/share/univention-ldap# ps aufx |grep slap
root 16483 0.0 0.0 14316 944 pts/2 S+ 10:57 0:00 | \_ grep slap
root 16450 21.2 2.3 14408892 380008 ? Ssl 10:57 0:01 /usr/sbin/slapd -h ldapi:/// ldap://:7389/ ldaps://:7636/
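
The check from the Investigation step and the copy from the Solution step, combined in one script. This is an added example, not part of the original article or of Univention's tooling; the function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names and return codes are this example's own.
# check_dh_file FILE
#   0 = has PEM DH PARAMETERS start and end lines
#   1 = missing or not a regular file
#   2 = empty (the 0-byte case above)
#   3 = not empty, but no PEM start/end line
check_dh_file() {
    f=$1
    [ -f "$f" ] || return 1
    [ -s "$f" ] || return 2
    grep -Eq -e '^-----BEGIN (X9\.42 )?DH PARAMETERS-----' "$f" || return 3
    grep -Eq -e '^-----END (X9\.42 )?DH PARAMETERS-----' "$f" || return 3
    return 0
}

# restore_dh_file TARGET DEFAULT
#   Copies DEFAULT over TARGET only when TARGET fails the check and
#   DEFAULT passes it. Returns 0 if TARGET is usable afterwards.
restore_dh_file() {
    target=$1
    default=$2
    state=0
    check_dh_file "$target" || state=$?
    if [ "$state" -eq 0 ]; then
        echo "$target: looks fine, nothing copied"
        return 0
    fi
    echo "$target: check failed with state $state" >&2
    if ! check_dh_file "$default"; then
        echo "$default: not a usable DH parameter file, nothing copied" >&2
        return 4
    fi
    cp "$default" "$target" || return 5
    check_dh_file "$target"
}

# Paths from the article:
#   restore_dh_file /etc/ldap/dh_2048.pem /usr/share/univention-ldap/dh_2048.pem
if [ "$#" -eq 2 ]; then
    restore_dh_file "$1" "$2"
fi
```

The check is structural only; a file that passes it can be parsed in full with `openssl dhparam -in FILE -check -noout`.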