Can't install new database in OpenLDAP 2.4 with BDB on Debian

Posted by Timothy High on Server Fault
Published on 2012-03-01T15:41:33Z


I'm trying to install an openldap server (slapd) on a Debian EC2 instance. I have followed all the instructions I can find, and am using the recommended slapd-config approach to configuration. It all seems to be just fine, except that for some reason it can't create my new database.

ldap.conf.bak (renamed to ensure it's not being used):

##########
# Basics #
##########
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none

modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_bdb.la

database config
#rootdn "cn=admin,cn=config"
rootpw secret

database bdb

suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data

########
# ACLs #
########
access to attrs=userPassword
 by anonymous auth
 by self write
 by * none

access to *
 by self write
 by * none

When I run slaptest on it, it complains that it couldn't find the id2entry.bdb file:

root@server:/etc/ldap# slaptest -f ldap.conf.bak -F slapd.d
bdb_db_open: database "dc=example,dc=com": db_open(/usr/local/var/openldap-data/id2entry.bdb) failed: No such file or directory (2).
backend_startup_one (type=bdb, suffix="dc=example,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

Using the -u switch it works, of course. But that merely creates the configuration. It doesn't resolve the underlying problem:

root@server:/etc/ldap# slaptest -f ldap.conf.bak -F slapd.d -u
config file testing succeeded

Looking in the database directory, the basic files are there (with the right ownership, after a manual chown), but the bdb file wasn't created:

root@server:/etc/ldap# ls -al /usr/local/var/openldap-data
total 4328
drwxr-sr-x 2 openldap openldap    4096 Mar  1 15:23 .
drwxr-sr-x 4 root     staff       4096 Mar  1 13:50 ..
-rw-r--r-- 1 openldap openldap    3080 Mar  1 14:35 DB_CONFIG
-rw------- 1 openldap openldap   24576 Mar  1 15:23 __db.001
-rw------- 1 openldap openldap  843776 Mar  1 15:23 __db.002
-rw------- 1 openldap openldap 2629632 Mar  1 15:23 __db.003
-rw------- 1 openldap openldap  655360 Mar  1 14:35 __db.004
-rw------- 1 openldap openldap 4431872 Mar  1 15:23 __db.005
-rw------- 1 openldap openldap   32768 Mar  1 15:23 __db.006
-rw-r--r-- 1 openldap openldap    2048 Mar  1 15:23 alock

(note that, because I'm doing this as root, I had to also change ownership of some of the files created by slaptest)

Finally, I can start the slapd service, but it dies in the attempt (text from syslog):

Mar  1 15:06:23 server slapd[21160]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57) $#012#011@incagijs:/home/thijs/debian/p-u/openldap-2.4.23/debian/build/servers/slapd
Mar  1 15:06:23 server slapd[21160]: config error processing olcDatabase={1}bdb,cn=config:
Mar  1 15:06:23 server slapd[21160]: slapd stopped.
Mar  1 15:06:23 server slapd[21160]: connections_destroy: nothing to destroy.

I manually checked the olcDatabase={1}bdb file, and it looks fine to my amateur eye. All my specific configs are there. Unfortunately, syslog isn't reporting a specific error in this case (if it were a file permission error, it would say). I've tried uninstalling and reinstalling slapd, changing permissions, Googling my wits out, but I'm tapped out. Any OpenLDAP genius out there would be greatly appreciated!
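The following triage helpers are an added example, not code from the question or from the OpenLDAP project. They check the three things a reviewer would look at first in the configuration above: the cleartext `rootpw secret` (which slaptest copies verbatim into `olcRootPW` under `slapd.d`), the `loglevel none` that leaves syslog with nothing more specific than "config error processing olcDatabase={1}bdb,cn=config", and a BDB directory that holds only environment files (`__db.00N`, `alock`) and no `id2entry.bdb`, which is what a never-populated database looks like: slaptest without `-u` opens the backend read-only and reports the missing file instead of creating it, whereas `slapadd` or a successful slapd start does create it. The slapd user `openldap` and the paths passed in are assumptions taken from the question, not verified defaults for every install.

```shell
#!/bin/sh
# Added triage helpers for a slapd.conf-style config and its BDB directory.
# Assumed (not from the question): slapd runs as "openldap" and the caller
# passes the config file, the DB directory and that user name.

# Flag rootpw values stored in cleartext. slapd accepts hashes such as
# "{SSHA}..." from slappasswd; a bare string like "secret" is kept as-is
# and ends up verbatim in olcRootPW when converted to slapd.d.
# Returns 0 when every rootpw is hashed, 1 otherwise.
check_rootpw() {
    awk '
        $1 == "rootpw" {
            v = $2; gsub(/"/, "", v)
            if (v !~ /^[{][A-Za-z0-9-]+[}]/) {
                bad++; print "cleartext rootpw at line " NR " (use slappasswd -h {SSHA})"
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# "loglevel none" keeps only unleveled messages in syslog, so a failing
# database section shows up without the reason. Returns 1 when set to none.
check_loglevel() {
    lvl=$(awk '$1 == "loglevel" { l = $2 } END { print l }' "$1")
    if [ "$lvl" = "none" ]; then
        echo "loglevel none: rerun with 'slaptest -u -d 64 -f <conf>' (64 = config trace) to see the error"
        return 1
    fi
    return 0
}

# Check the BDB directory: it must exist and be owned by the slapd user.
# Reports whether id2entry.bdb is present; its absence means the database
# has never been populated (slaptest does not create it, slapadd/slapd do).
# Returns 1 if the directory is missing or has the wrong owner.
check_db_dir() {
    dir=$1; user=$2
    [ -d "$dir" ] || { echo "missing directory $dir"; return 1; }
    owner=$(ls -ld "$dir" | awk '{ print $3 }')
    if [ "$owner" != "$user" ]; then
        echo "$dir is owned by $owner, expected $user (chown -R $user: $dir)"
        return 1
    fi
    if [ -f "$dir/id2entry.bdb" ]; then
        echo "database files present in $dir"
    else
        echo "no id2entry.bdb in $dir: database has never been populated"
    fi
    return 0
}

# Run all checks, then a config-only slaptest with the config trace enabled
# if slaptest is installed.
# usage: triage /etc/ldap/ldap.conf.bak /usr/local/var/openldap-data openldap
triage() {
    rc=0
    check_rootpw "$1" || rc=1
    check_loglevel "$1" || rc=1
    check_db_dir "$2" "$3" || rc=1
    if command -v slaptest >/dev/null 2>&1; then
        # -u: parse only, do not open backends; -d 64: trace config processing
        slaptest -u -d 64 -f "$1" || rc=1
    fi
    return $rc
}
```

Run `triage` as root against the renamed config and the data directory; the check functions are silent on success and print one line per finding, so a clean run with `slaptest` installed ends only with slaptest's own "config file testing succeeded".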

© Server Fault or respective owner
