Problem:
Maybe after troubleshooting with failed.ldif or a filled up disk space or filesystemproblems the slapd has an issue with starting.
Investigation:
Issue 1
Start the slapd without systemd to get better/more starting information:
root@slave:~# SYSTEMCTL_SKIP_REDIRECT=1 /etc/init.d/slapd start
[FAIL] Starting ldap server(s): slapd ...failed.
[info] 5d1f3a4e mdb_db_open: database "dc=local,dc=domain,dc=de" cannot be opened: No such file or directory (2). Restore from backup! 5d1f3a4e backend_startup_one (type=mdb, suffix="dc=local,dc=domain,dc=de"): bi_db_open failed! (2) slap_startup failed.
In this case if the affected system is not a master re-join the machine with univention-join
.
Issue 2
Another case could be an empty or corrupted TLS file /etc/ldap/dh_2048.pem
.
You can start slapd with the command below or with
/usr/sbin/slapd -h "ldapi:/// ldap://:7389/ ldaps://:7636/" -d -1
root@slave:~# killall -9 slapd
root@slave:~# slapd -d 1 -h ldap:///:7389/
[...]
TLS: could not read DH parameters file `/etc/ldap/dh_2048.pem'.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line ../crypto/pem/pem_lib.c:686
5d1f5eb7 main: TLS init def ctx failed: -1
5d1f5eb7 slapd destroy: freeing system resources.
5d1f5eb7 shadowbind_db_destroy
5d1f5eb7 slapd stopped.
5d1f5eb7 connections_destroy: nothing to destroy.
You will notice the line TLS: could not read DH parameters file '/etc/ldap/dh_2048.pem'.
Solution:
The corruption of this file could happen due to a full filesystem or other various reasons. In either case you should re-create the file:
sh -x /usr/share/univention-ldap/create-dh-parameter-files
This may take a short time:
sh -x /usr/share/univention-ldap/create-dh-parameter-files
+ set -e
+ umask 022
+ ucr get ldap/tls/dh/paramfile
+ paramfile=/etc/ldap/dh_2048.pem
+ [ -n /etc/ldap/dh_2048.pem ]
+ mktemp
+ log=/tmp/tmp.PZpMQnQbjY
+ exec
+ :
+ exit 0
+ cleanup
+ rv=0
+ set +e
+ cat /tmp/tmp.PZpMQnQbjY
Restart slapd after this by systemctl start slapd
.