Contents of /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
1 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
2 # CRC32 2e34b404
3 dn: olcDatabase={2}hdb
4 objectClass: olcDatabaseConfig
5 objectClass: olcHdbConfig
6 olcDatabase: {2}hdb
7 olcDbDirectory: /var/lib/ldap
8 olcSuffix: dc=ixsystems,dc=com
9 olcRootDN: cn=Manager,dc=ixsystems,dc=com
10 olcRootPW: {SSHA}WJTAm3glD5O87VKlhz5v3u4+1A3MVB8E
11 olcDbIndex: objectClass eq,pres
12 olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
13 structuralObjectClass: olcHdbConfig
14 entryUUID: c153cf4c-ed16-1034-9398-7188a52812eb
15 creatorsName: cn=config
16 createTimestamp: 20150911212105Z
17 entryCSN: 20150911212105.251273Z#000000#000#000000
18 modifiersName: cn=config
19 modifyTimestamp: 20150911212105Z
20 olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=Manager,dc=ixsystems,dc=com" write by anonymous auth by * none
21 olcAccess: {1}to * by dn.base="cn=Manager,dc=ixsystems,dc=com" write by self write by * read
Contents of slapd.service
[root@qa-ldap-kerb ~]# systemctl status slapd.service
slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled)
Active: failed (Result: exit-code) since Sun 2015-09-13 02:46:27 EDT; 9s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 7692 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 7678 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Sep 13 02:46:27 qa-ldap-kerb check-config.sh[7678]: Checking configuration file failed:
Sep 13 02:46:27 qa-ldap-kerb check-config.sh[7678]: 55f51bc3 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
Sep 13 02:46:27 qa-ldap-kerb check-config.sh[7678]: 55f51bc3 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
Sep 13 02:46:27 qa-ldap-kerb check-config.sh[7678]: 55f51bc3 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
Sep 13 02:46:27 qa-ldap-kerb check-config.sh[7678]: 55f51bc3 str2entry: entry -1 has no dn
Sep 13 02:46:27 qa-ldap-kerb check-config.sh[7678]: slaptest: bad configuration file!
Sep 13 02:46:27 qa-ldap-kerb slapd[7692]: @(#) $OpenLDAP: slapd 2.4.39 (Mar 6 2015 04:35:49) $
[email protected]:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd
Sep 13 02:46:27 qa-ldap-kerb systemd[1]: slapd.service: control process exited, code=exited status=1
Sep 13 02:46:27 qa-ldap-kerb systemd[1]: Failed to start OpenLDAP Server Daemon.
Sep 13 02:46:27 qa-ldap-kerb systemd[1]: Unit slapd.service entered failed state.
Output of systemctl start slapd
[root@qa-ldap-kerb ~]# systemctl start slapd
Job for slapd.service failed. See 'systemctl status slapd.service' and 'journalctl -xn' for details.
Output of systemctl status -l slapd
[root@qa-ldap-kerb ~]# systemctl status -l slapd
slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled)
Active: failed (Result: exit-code) since Sun 2015-09-13 04:54:29 EDT; 1min 32s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 2401 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 2387 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Sep 13 04:54:29 qa-ldap-kerb check-config.sh[2387]: Checking configuration file failed:
Sep 13 04:54:29 qa-ldap-kerb check-config.sh[2387]: 55f539c5 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
Sep 13 04:54:29 qa-ldap-kerb check-config.sh[2387]: 55f539c5 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
Sep 13 04:54:29 qa-ldap-kerb check-config.sh[2387]: 55f539c5 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
Sep 13 04:54:29 qa-ldap-kerb check-config.sh[2387]: 55f539c5 str2entry: entry -1 has no dn
Sep 13 04:54:29 qa-ldap-kerb check-config.sh[2387]: slaptest: bad configuration file!
Sep 13 04:54:29 qa-ldap-kerb slapd[2401]: @(#) $OpenLDAP: slapd 2.4.39 (Mar 6 2015 04:35:49) $
[email protected]:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd
Sep 13 04:54:29 qa-ldap-kerb systemd[1]: slapd.service: control process exited, code=exited status=1
Sep 13 04:54:29 qa-ldap-kerb systemd[1]: Failed to start OpenLDAP Server Daemon.
Sep 13 04:54:29 qa-ldap-kerb systemd[1]: Unit slapd.service entered failed state.
Answer 1
I guess you have an error in the last line (#21)
olcAccess: {1}to * by dn.base="cn=Manager,dc=ixsystems,dc=com" write by * auth by read
Change it to
olcAccess: {1}to * by dn.base="cn=Manager,dc=ixsystems,dc=com" write by self write by * read
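Update the configuration and try it.
Answer 2
The database file looks correct; you are getting the checksum errors because you edited the files directly, which will not cause ldap to fail completely
But there is clearly a bad configuration entry in one of the files you edited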
entry -1 has no dn
slaptest: bad configuration file!
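
Added example (not part of either answer or of OpenLDAP): a small Python audit that recomputes the "# CRC32" header value of a slapd.d file and checks that the entry begins with a dn: line, the two conditions reported in the log above. It assumes the stored checksum is the standard zlib CRC-32 of everything after the two header comment lines; the function names and the sample entries are constructed for illustration.

```python
import re
import zlib

AUTOGEN = b"# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.\n"
CRC_LINE = re.compile(rb"^# CRC32 ([0-9a-fA-F]{8})\s*$")


def split_header(raw: bytes):
    """Return (stored CRC hex or None, bytes following the two header lines)."""
    parts = raw.split(b"\n", 2)
    if len(parts) < 3 or not parts[0].startswith(b"# AUTO-GENERATED FILE"):
        return None, raw
    m = CRC_LINE.match(parts[1])
    return (m.group(1).decode().lower() if m else None), parts[2]


def audit_ldif(raw: bytes) -> dict:
    """Compare stored and recomputed CRC32, and check the entry starts with dn:."""
    stored, body = split_header(raw)
    # Assumption: the checksum is zlib CRC-32 over everything after the header.
    computed = format(zlib.crc32(body) & 0xFFFFFFFF, "08x")
    first = next((l for l in body.split(b"\n")
                  if l.strip() and not l.startswith(b"#")), b"")
    return {"stored_crc": stored, "computed_crc": computed,
            "checksum_ok": stored == computed,
            "has_dn": first.lower().startswith(b"dn:")}


def with_header(body: bytes) -> bytes:
    """Build a constructed sample file whose header matches its body."""
    crc = format(zlib.crc32(body) & 0xFFFFFFFF, "08x").encode()
    return AUTOGEN + b"# CRC32 " + crc + b"\n" + body


# Constructed sample entries (not the poster's real files).
BODY = (b"dn: olcDatabase={2}hdb\nobjectClass: olcDatabaseConfig\n"
        b"olcDatabase: {2}hdb\n")
INTACT = with_header(BODY)
HAND_EDITED = INTACT.replace(b"olcDatabase: {2}hdb",
                             b"olcDatabase: {2}hdb\nolcReadOnly: TRUE")
NO_DN = INTACT.replace(b"dn: olcDatabase={2}hdb\n", b"")

if __name__ == "__main__":
    for name, raw in [("intact", INTACT), ("hand-edited", HAND_EDITED),
                      ("dn removed", NO_DN)]:
        print(name, audit_ldif(raw))
```

To audit a real file, pass the bytes read from it (opened in binary mode) to audit_ldif.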