Unable to start the OpenLDAP server daemon

Question  Votes: 0  Answers: 4

I am trying to start the slapd service, but I get the following error after running the journalctl -xe command.

Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slapd.service has failed.
-- 
-- The result is failed.
Jan 06 11:22:43 scv-ldap01.sesame.local systemd[1]: Unit slapd.service entered failed state.
Jan 06 11:22:43 scv-ldap01.sesame.local systemd[1]: slapd.service failed.
Jan 06 11:22:43 scv-ldap01.sesame.local polkitd[4630]: Unregistered Authentication Agent for unix-process:31319:24705667 (system bus name :1.1226, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, loc
Jan 06 11:23:35 scv-ldap01.sesame.local su[31373]: (to root) sesame on pts/0
Jan 06 11:23:35 scv-ldap01.sesame.local su[31373]: pam_unix(su:session): session opened for user root by sesame(uid=1000)
Jan 06 11:23:35 scv-ldap01.sesame.local dbus[4639]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Jan 06 11:23:35 scv-ldap01.sesame.local dbus[4639]: [system] Successfully activated service 'org.freedesktop.problems'
Jan 06 11:23:46 scv-ldap01.sesame.local polkitd[4630]: Registered Authentication Agent for unix-process:31416:24712191 (system bus name :1.1232 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/fr
Jan 06 11:23:46 scv-ldap01.sesame.local systemd[1]: Starting OpenLDAP Server Daemon...
-- Subject: Unit slapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slapd.service has begun starting up.
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31427]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31427]: pam_unix(runuser:session): session closed for user ldap
Jan 06 11:23:47 scv-ldap01.sesame.local slapcat[31431]: DIGEST-MD5 common mech free
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31438]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31438]: pam_unix(runuser:session): session closed for user ldap
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31440]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31440]: pam_unix(runuser:session): session closed for user ldap
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31442]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jan 06 11:23:47 scv-ldap01.sesame.local runuser[31442]: pam_unix(runuser:session): session closed for user ldap
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: @(#) $OpenLDAP: slapd 2.4.44 (Oct 30 2018 23:14:27) $
                                                              [email protected]:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: main: TLS init def ctx failed: -1
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: DIGEST-MD5 common mech free
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: slapd stopped.
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: connections_destroy: nothing to destroy.
Jan 06 11:23:47 scv-ldap01.sesame.local systemd[1]: slapd.service: control process exited, code=exited status=1
Jan 06 11:23:47 scv-ldap01.sesame.local systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slapd.service has failed.
-- 
-- The result is failed.
Jan 06 11:23:47 scv-ldap01.sesame.local systemd[1]: Unit slapd.service entered failed state.
Jan 06 11:23:47 scv-ldap01.sesame.local systemd[1]: slapd.service failed.
Jan 06 11:23:47 scv-ldap01.sesame.local polkitd[4630]: Unregistered Authentication Agent for unix-process:31416:24712191 (system bus name :1.1232, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, loc
lines 3143-3193/3193 (END)
centos7 openldap
4 Answers
2
votes

After many attempts

Referring to https://bugs.centos.org/view.php?id=6945

Thanks to @toracat

Reinstalling the openldap-related packages did fix it

yum reinstall openldap openldap-servers openldap-clients

0
votes
Jan 06 11:23:47 scv-ldap01.sesame.local slapd[31445]: main: TLS init def ctx failed: -1

It looks like there is some problem parsing the certificate/key; grep for TLS (grep tls -ir /etc/openldap/slapd.d/*) and make sure the certificate/key exist and are accessible to the slapd user.
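The check this answer suggests, as an added example that is not part of the original answer: a shell function that lists the olcTLS*File paths found under a slapd.d directory and flags files that are missing, unreadable by the current user, or (for the private key) readable by every local user. The function name and script name are hypothetical, and it assumes plain "attr: value" lines.

```shell
#!/bin/sh
# Added example (not from the original answer). Run it as the account slapd
# uses (the journal above shows "ldap"), for instance:
#   runuser -u ldap -- sh check_tls.sh /etc/openldap/slapd.d
# check_tls_files is a hypothetical name. Assumes plain "attr: value" lines
# (no base64 "::" values, no folded lines).

check_tls_files() {
    confdir=$1
    problems=0
    # cn=config attributes whose value is a certificate, CA or key file path.
    refs=$(grep -rihE '^olcTLS(CACertificate|Certificate|CertificateKey)File: ' \
               "$confdir" 2>/dev/null || true)
    if [ -z "$refs" ]; then
        echo "no olcTLS*File attributes under $confdir"
        return 0
    fi
    while IFS= read -r line; do
        attr=${line%%:*}
        path=${line#*: }
        lattr=$(printf '%s' "$attr" | tr 'A-Z' 'a-z')
        if [ ! -e "$path" ]; then
            echo "MISSING     $attr -> $path"; problems=$((problems + 1))
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE  $attr -> $path"; problems=$((problems + 1))
        elif [ "$lattr" = olctlscertificatekeyfile ] &&
             [ -n "$(find -L "$path" -prune -perm -004)" ]; then
            # A private key that every local user can read.
            echo "KEY-EXPOSED $attr -> $path"; problems=$((problems + 1))
        else
            echo "ok          $attr -> $path"
        fi
    done <<EOF
$refs
EOF
    return "$problems"
}

if [ "$#" -gt 0 ]; then check_tls_files "$1"; fi
```

The return status is the number of problems found, so 0 means every referenced file passed.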


0
votes

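The following line shows the error ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"

You need to make a backup and reconfigure the server with the following line

sudo dpkg-reconfigure slapd

Be careful, because this deletes all configuration; here you enter the correct parameters again

Step-by-step how-to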
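To see which files under slapd.d fail the checksum test that the log reports, here is an added example that is not part of the original answer: it recomputes the CRC32 of each LDIF file and compares it with the value recorded in the file. It assumes each file begins with two comment lines, the second being "# CRC32 <8 hex digits>", and that the checksum covers everything after those two lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.
# Assumption: each slapd.d file starts with two comment lines, the second
# being "# CRC32 <8 hex digits>", and the checksum covers every byte after them.

crc32_stdin() {
    # gzip ends its output with the CRC32 of the input (4 bytes,
    # little-endian) followed by the input length; print the CRC as hex.
    set -- $(gzip -c | tail -c 8 | od -An -tx1 -N4)
    printf '%s%s%s%s\n' "$4" "$3" "$2" "$1"
}

check_ldif_crc() {
    file=$1
    stored=$(sed -n '2s/^# CRC32 \([0-9A-Fa-f]\{8\}\)$/\1/p' "$file" | tr 'A-F' 'a-f')
    if [ -z "$stored" ]; then
        echo "NOHEADER $file"; return 2
    fi
    actual=$(tail -n +3 "$file" | crc32_stdin)
    if [ "$stored" = "$actual" ]; then
        echo "ok       $file"; return 0
    fi
    echo "MISMATCH $file (header $stored, content $actual)"; return 1
}

scan_slapd_d() {
    # Check every *.ldif below the directory; return 1 if any file fails.
    failed=0
    list=$(find "$1" -type f -name '*.ldif' | sort)
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        check_ldif_crc "$f" || failed=1
    done <<EOF
$list
EOF
    return "$failed"
}

if [ "$#" -gt 0 ]; then scan_slapd_d "$1"; fi
```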


0
votes

I successfully started slapd, creating the SSL certificate and key and placing the files in /etc/pki/tls/certs/
