OK, I have tried everything and while I made some progress I still can't get
the Open-LDAP server to start.
I loaded the initial entry, I believe and ran slaptest, which came back
clean.
However, I STILL can't get the server to start. And now I don't know what
may be the issue, as slaptest is coming back OK. Any ideas?
Here is the output for "slaptest -d 25":
----Begin Output----
slaptest -d 25
slaptest init: initiated tool.
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.7.25: (2010-05-20)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.7.25: (2010-05-20)
>>> dnNormalize: <>
<<< dnNormalize: <>
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
hdb_db_init: Initializing HDB database
>>> dnPrettyNormal: <dc=wesleyseminary,dc=edu>
<<< dnPrettyNormal: <dc=wesleyseminary,dc=edu>, <dc=wesleyseminary,dc=edu>
>>> dnPrettyNormal: <cn=Manager,dc=wesleyseminary,dc=edu>
<<< dnPrettyNormal: <cn=Manager,dc=wesleyseminary,dc=edu>,
<cn=manager,dc=wesleyseminary,dc=edu>
>>> dnNormalize: <cn=Subschema>
<<< dnNormalize: <cn=subschema>
matching_rule_use_init
1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES (
supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $
olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $
olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth $
olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $
shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
) )
1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES (
supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $
olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $
olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $
olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $
olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $
olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth $
olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $
shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
) )
1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $
olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord
$ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $
homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $
ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $
olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord
$ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $
homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ ipHostNumber $
ipNetworkNumber $ ipNetmaskNumber $ macAddress $ bootFile $ nisMapEntry ) )
2.5.13.39 (certificateListMatch): 2.5.13.38
(certificateListExactMatch): matchingRuleUse: ( 2.5.13.38 NAME
'certificateListExactMatch' APPLIES ( authorityRevocationList $
certificateRevocationList $ deltaRevocationList ) )
2.5.13.35 (certificateMatch): 2.5.13.34 (certificateExactMatch):
matchingRuleUse: ( 2.5.13.34 NAME 'certificateExactMatch' APPLIES (
userCertificate $ cACertificate ) )
2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $
supportedApplicationContext ) )
2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29
NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl
$ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $
olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $
olcIndexIntLen $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $
olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $
olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $
olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $
olcSpSessionlog $ olcChainMaxReferralDepth $ olcDbProtocolVersion $
olcDbConnectionPoolMax $ mailPreferenceOption $ shadowLastChange $ shadowMin
$ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $
ipServicePort $ ipProtocolNumber $ oncRpcNumber ) )
2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp ) )
2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $
pager ) )
2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey ) )
2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME
'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $
gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $
olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $
olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF
$ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $
olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $
olcDbSearchStack $ olcDbShmKey $ olcSpSessionlog $ olcChainMaxReferralDepth
$ olcDbProtocolVersion $ olcDbConnectionPoolMax $ mailPreferenceOption $
shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $
shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber
) )
2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME
'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $
olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $
olcReverseLookup $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $
olcDbLinearIndex $ olcSpNoPresent $ olcSpReloadHint $ olcChainCacheURI $
olcChainReturnError $ olcDbRebindAsUser $ olcDbChaseReferrals $
olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $
olcDbNoUndefFilter ) )
2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $
homePostalAddress ) )
2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )
2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME
'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $
olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $
olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $
olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $
olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $
olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $
olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $
olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $
olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $
olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $
olcDbLockDetect $ olcDbMode $ olcSpCheckpoint $ olcChainingBehavior $
olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $
olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $
olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $
olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $
knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $
title $ businessCategory $ postalCode $ postOfficeBox $
physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $
generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $
textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $
documentIdentifier $ documentTitle $ documentVersion $ documentLocation $
personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName
$ documentPublisher $ carLicense $ departmentNumber $ displayName $
employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $
nisMapName ) )
2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( serialNumber $ destinationIndicator $
dnQualifier ) )
2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $
vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $
olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $
olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy
$ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $
olcDitContentRules $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $
olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $
olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $
olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $
olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $
olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $
olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $
olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $
olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $
olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $
olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $
olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $
olcDbLockDetect $ olcDbMode $ olcSpCheckpoint $ olcChainingBehavior $
olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $
olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $
olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $
olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $
knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $
title $ businessCategory $ postalCode $ postOfficeBox $
physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $
generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $
textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $
documentIdentifier $ documentTitle $ documentVersion $ documentLocation $
personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName
$ documentPublisher $ carLicense $ departmentNumber $ displayName $
employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $
nisMapName ) )
1.2.36.79672281.1.13.3 (rdnMatch): 2.5.13.1
(distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $
subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $
dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $
olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $
olcDbIDAssertAuthcDn $ member $ owner $ roleOccupant $ manager $
documentAuthor $ secretary $ associatedName $ dITRedirect ) )
2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $
supportedFeatures $ supportedApplicationContext ) )
slaptest startup: initiated.
backend_startup_one: starting "cn=config"
config_back_db_open
config_build_entry: "cn=config"
config_build_entry: "cn=module{0}"
config_build_entry: "cn=schema"
config_build_entry: "cn={0}core"
config_build_entry: "cn={1}cosine"
config_build_entry: "cn={2}inetorgperson"
config_build_entry: "cn={3}nis"
config_build_entry: "olcDatabase={-1}frontend"
config_build_entry: "olcDatabase={0}config"
config_build_entry: "olcDatabase={1}hdb"
backend_startup_one: starting "dc=wesleyseminary,dc=edu"
hdb_db_open: database "dc=wesleyseminary,dc=edu":
dbenv_open(/var/lib/openldap-data).
config file testing succeeded
slaptest shutdown: initiated
====> bdb_cache_release_all
slaptest destroy: freeing system resources.
---End Output---
Regards,
Christopher Kurtis Koeber
(W): (202) 885-8654
(C): (301) 467-8417
http://www.chriskoeber.com
-----Original Message-----
From: Christopher Koeber [mailto:ckoe...@gmail.com]
Sent: Monday, May 24, 2010 11:49 AM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Cannot start Slapd (OpenLDAP)
On 5/22/10, Ward Poelmans <wpoel...@gmail.com> wrote:
> On Sat, May 22, 2010 at 21:26, Christopher Kurtis Koeber
> <ckoe...@gmail.com> wrote:
>
>> XXXXXXXXXX~ # slaptest
>>
>> hdb_db_open: warning - no DB_CONFIG file found in directory
>> /var/lib/openldap-data: (2).
>>
>> Expect poor performance for suffix "dc= XXXXXXXXXXXX,dc=XXX".
>>
>> hdb_db_open: database "dc= XXXXXXXXXXXX,dc=XXX":
>> db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or
>> directory (2).
>>
>> backend_startup_one (type=hdb, suffix="dc=XXXXXXXXXXXX,dc=XXX"):
>> bi_db_open
>> failed! (2)
>>
>> slap_startup failed (test would succeed using the -u switch)
>>
>> So, I am guessing I need to initialize somehow? Is that right?
>
> Normally, if the directory /var/lib/openldap-data/ exists and is
> read-writeable for the user under which slapd is running, slapd
> creates the database for you. But you beter copy a DB_CONFIG to there
> for good perfomance.
>
> Ward
>
>
I tried running the service as root with the same results below, so I don't
think this is a permissions issue, especially since I am attempting to run
this straight from a standard emerge with no customizations beyond what was
given in the guide.
Here is the latest:
hdb_db_open: warning - no DB_CONFIG file found in directory
/var/lib/openldap-data: (2).
Expect poor performance for suffix "dc=XXXXXXXXX,dc=XXX".
hdb_db_open: database "dc=XXXXXXXXX,dc=XXX":
db_open(/var/lib/openldap-data/id2entry.bdb) failed: No such file or
directory (2).
backend_startup_one (type=hdb, suffix="dc=XXXXXXXXX,dc=XXX"):
bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
--
Regards,
Christopher Koeber
