2

Using CentOS 7 and following steps for OpenLDAP server configuration, I am facing this problem:

```
[root@linux1 ~]# systemctl restart slapd
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.
[root@linux1 ~]#
[root@linux1 ~]#
[root@linux1 ~]#
[root@linux1 ~]# systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2018-05-13 03:21:41 EDT; 7min ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 2781 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
  Process: 2767 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)

May 13 03:21:40 linux1.learnitguide.net runuser[2770]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
May 13 03:21:40 linux1.learnitguide.net slapd[2781]: @(#) $OpenLDAP: slapd 2.4.44 (Apr 12 2018 19:17:38) $ [email protected]:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
May 13 03:21:40 linux1.learnitguide.net slapd[2781]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
May 13 03:21:40 linux1.learnitguide.net slapd[2781]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
May 13 03:21:41 linux1.learnitguide.net slapd[2781]: tlsmc_cert_create_hash_symlink: ERROR: OS error: Permission denied
May 13 03:21:41 linux1.learnitguide.net slapd[2781]: Could not get the realpath: No such file or directory
May 13 03:21:41 linux1.learnitguide.net systemd[1]: slapd.service: control process exited, code=exited status=1
May 13 03:21:41 linux1.learnitguide.net systemd[1]: Failed to start OpenLDAP Server Daemon.
May 13 03:21:41 linux1.learnitguide.net systemd[1]: Unit slapd.service entered failed state.
May 13 03:21:41 linux1.learnitguide.net systemd[1]: slapd.service failed.
[root@linux1 ~]#
```

5 Answers

2

I did not have the "tlsmc_cert_create_hash_symlink: ERROR: OS error: Permission denied" issue, but the same error message "Could not get the realpath: No such file or directory".

This affects the latest OpenLDAP version for CentOS 7:

```
rpm -qa | grep openldap
openldap-clients-2.4.44-13.el7.x86_64
openldap-servers-2.4.44-13.el7.x86_64
openldap-2.4.44-13.el7.x86_64
ls /var/lib/ldap/
```

For your information, it seems that the DB_CONFIG in /var/lib/ldap for this version is empty. I was not able to find the cause. Creating my own DB_CONFIG and changing the ldap.conf did not fix the issue.


So the dirty solution: downgrade OpenLDAP.

```
mkdir /tmp/openldap/
cd /tmp/openldap/
wget https://rpmfind.net/linux/centos/7.4.1708/os/x86_64/Packages/openldap-clients-2.4.44-5.el7.x86_64.rpm
wget https://www.rpmfind.net/linux/centos/7.4.1708/os/x86_64/Packages/openldap-2.4.44-5.el7.x86_64.rpm
wget https://rpmfind.net/linux/centos/7.4.1708/os/x86_64/Packages/openldap-servers-2.4.44-5.el7.x86_64.rpm
yum downgrade ./openldap-*
systemctl start slapd.service
```

Sorry, I didn't test other versions and the source is questionable. But LDAP starts then.

2

We had the same problem. We just ran yum -y upgrade, and after that LDAP works fine.

0
2

If you are on CentOS 7, just enter these commands and everything will be good:

```
yum update
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/*
```
0
1

It's a matter of SELinux. You should make a policy for slapd.

```
# grep slapd /var/log/audit/audit.log | audit2allow

#============= slapd_t ==============
allow slapd_t slapd_tmp_t:lnk_file create;
```

After confirming the above, make a policy.

```
# grep slapd /var/log/audit/audit.log | audit2allow -m slapd > slapd.te
# grep slapd /var/log/audit/audit.log | audit2allow -M slapd
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i slapd.pp

# semodule -i slapd.pp
```

After that you may have another TLS problem. You need to allow slapd to read files. Well, you could solve that the same way: with audit2allow, rebuild the policy.
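
What the audit2allow step in the answer above derives from the log can be reproduced by hand, so each rule can be reviewed before `semodule -i` loads it. This is an added example, not part of the original answer: it keeps only AVC denials from the `slapd_t` domain and prints one deduplicated allow rule for each. The function names, the `own-type`/`CHECK-LABEL` tags (a heuristic) and the sample records are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample audit.log records (illustrative, not from the original post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1526196100.915:312): avc:  denied  { create } for  pid=2781 comm="slapd" name="placeholder.0" scontext=system_u:system_r:slapd_t:s0 tcontext=system_u:object_r:slapd_tmp_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1526196100.915:312): arch=c000003e syscall=88 success=no exit=-13 comm="slapd" exe="/usr/sbin/slapd"
type=AVC msg=audit(1526196460.101:340): avc:  denied  { create } for  pid=2990 comm="slapd" name="placeholder.0" scontext=system_u:system_r:slapd_t:s0 tcontext=system_u:object_r:slapd_tmp_t:s0 tclass=lnk_file
type=AVC msg=audit(1526196461.004:341): avc:  denied  { read open } for  pid=2990 comm="slapd" path="/root/placeholder.crt" dev="dm-0" ino=1234 scontext=system_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1526196470.500:350): avc:  denied  { name_bind } for  pid=3100 comm="httpd" src=8443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
EOF
}

# Read audit records on stdin and print one deduplicated candidate rule per
# slapd_t denial, tagged by a simple heuristic (an assumption of this example).
slapd_avc_rules() {
    awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:slapd_t:/ {
        # Permission list is the text between the braces.
        perms = $0
        sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next
        if (perms ~ / /) perms = "{ " perms " }"
        # Targets outside slapd_* types are flagged for a file label check.
        tag = (tgt ~ /^slapd_/) ? "own-type" : "CHECK-LABEL"
        print tag "\tallow " src " " tgt ":" cls " " perms ";"
    }' | sort -u
}

# On a real host: slapd_avc_rules < /var/log/audit/audit.log
sample_audit_log | slapd_avc_rules
```

A `CHECK-LABEL` line is a prompt to inspect the file's context with `ls -Z` before granting slapd access to that type.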

0

Taking tips from "How can I instruct yum to install a specific version", I did the following:

```
yum --showduplicates list openldap-servers
```

I got the following:

```
openldap-servers.x86_64    2.4.40-9.el7_2     ol7_latest
openldap-servers.x86_64    2.4.40-13.el7      ol7_latest
openldap-servers.x86_64    2.4.44-5.el7       ol7_latest -> Last run version
openldap-servers.x86_64    2.4.44-13.el7      ol7_latest -> Works
openldap-servers.x86_64    2.4.44-15.el7_5    ol7_latest -> DOES NOT WORK
```

I used the older version of openldap-servers using:

```
yum install openldap-servers-2.4.44-13.el7
```

And was able to avoid the issue.
