I'm trying to install an openldap server (slapd) on a Debian EC2 instance. I have followed all the instructions I can find, and am using the recommended slapd-config approach to configuration. It all seems to be just fine, except that for some reason it can't create my new database.
ldap.conf.bak (renamed to ensure it's not being used):
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_bdb.la
database config
#rootdn "cn=admin,cn=config"
rootpw secret
database bdb
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
########
# ACLs #
########
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to *
by self write
by * none
When I run slaptest on it, it complains that it couldn't find the id2entry.bdb file:
root@server:/etc/ldap# slaptest -f ldap.conf.bak -F slapd.d
bdb_db_open: database "dc=example,dc=com": db_open(/usr/local/var/openldap-data/id2entry.bdb) failed: No such file or directory (2).
backend_startup_one (type=bdb, suffix="dc=example,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
Using the -u switch it works, of course. But that merely creates the configuration. It doesn't resolve the underlying problem:
root@server:/etc/ldap# slaptest -f ldap.conf.bak -F slapd.d -u
config file testing succeeded
Looking in the database directory, the basic files are there (with right ownership, after a manual chown), but the dbd file wasn't created:
root@server:/etc/ldap# ls -al /usr/local/var/openldap-data
total 4328
drwxr-sr-x 2 openldap openldap 4096 Mar 1 15:23 .
drwxr-sr-x 4 root staff 4096 Mar 1 13:50 ..
-rw-r--r-- 1 openldap openldap 3080 Mar 1 14:35 DB_CONFIG
-rw------- 1 openldap openldap 24576 Mar 1 15:23 __db.001
-rw------- 1 openldap openldap 843776 Mar 1 15:23 __db.002
-rw------- 1 openldap openldap 2629632 Mar 1 15:23 __db.003
-rw------- 1 openldap openldap 655360 Mar 1 14:35 __db.004
-rw------- 1 openldap openldap 4431872 Mar 1 15:23 __db.005
-rw------- 1 openldap openldap 32768 Mar 1 15:23 __db.006
-rw-r--r-- 1 openldap openldap 2048 Mar 1 15:23 alock
(note that, because I'm doing this as root, I had to also change ownership of some of the files created by slaptest)
Finally, I can start the slapd service, but it dies in the attempt (text from syslog):
Mar 1 15:06:23 server slapd[21160]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 15 2011 13:31:57) $#012#011@incagijs:/home/thijs/debian/p-u/openldap-2.4.23/debian/build/servers/slapd
Mar 1 15:06:23 server slapd[21160]: config error processing olcDatabase={1}bdb,cn=config:
Mar 1 15:06:23 server slapd[21160]: slapd stopped.
Mar 1 15:06:23 server slapd[21160]: connections_destroy: nothing to destroy.
I manually checked the olcDatabase={1}bdb file, and it looks fine to my amateur eye. All my specific configs are there. Unfortunately, syslog isn't reporting a specific error in this case (if it were a file permission error, it would say). I've tried uninstalling and reinstalling slapd, changing permissions, Googling my wits out, but I'm tapped out. Any OpenLDAP genius out there would be greatly appreciated!
