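I am trying to set up an OpenLDAP server on CentOS 7.5. Following this guide seemed to work quite well, until a server crash caused problems (LDAP passwords were no longer accepted). I could not even figure out what exactly the problem was, so I tried to reset everything OpenLDAP-related on the system by executing the following lines: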
systemctl stop slapd
systemctl disable slapd
yum -y remove openldap-servers openldap-clients
rm -rf /var/lib/ldap
userdel ldap
rm -rf /etc/openldap
Unfortunately, I think the last line removed some certificates, so I can no longer start slapd.service. When I try
systemctl start slapd.service
I get the error:
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.
"journalctl -xe" tells me this:
Jun 01 10:40:15 ldap sudo[6291]: tigraebe : TTY=pts/0 ; PWD=/etc/pki/tls/certs ; USER=root ; COMMAND=/bin/systemctl start slapd.service
Jun 01 10:40:15 ldap polkitd[1104]: Registered Authentication Agent for unix-process:6292:584482 (system bus name :1.136 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit
Jun 01 10:40:15 ldap systemd[1]: Starting OpenLDAP Server Daemon...
-- Subject: Unit slapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit slapd.service has begun starting up.
Jun 01 10:40:15 ldap runuser[6303]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Jun 01 10:40:15 ldap runuser[6303]: pam_unix(runuser:session): session closed for user ldap
Jun 01 10:40:15 ldap slapcat[6307]: DIGEST-MD5 common mech free
Jun 01 10:40:15 ldap slapd[6316]: @(#) $OpenLDAP: slapd 2.4.44 (May 16 2018 09:55:53) $
[email protected]:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
Jun 01 10:40:15 ldap slapd[6316]: main: TLS init def ctx failed: -1
Jun 01 10:40:15 ldap slapd[6316]: DIGEST-MD5 common mech free
Jun 01 10:40:15 ldap slapd[6316]: slapd stopped.
Jun 01 10:40:15 ldap slapd[6316]: connections_destroy: nothing to destroy.
Jun 01 10:40:15 ldap systemd[1]: slapd.service: control process exited, code=exited status=1
Jun 01 10:40:15 ldap systemd[1]: Failed to start OpenLDAP Server Daemon.
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit slapd.service has failed.
--
-- The result is failed.
The only error I can see is the following line (is it about certificates, since I deleted the openldap folder containing the certs/ subfolder?):
Jun 01 10:40:15 ldap slapd[6316]: main: TLS init def ctx failed: -1
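But even though I have spent several hours reading online and trying to solve this myself, I still have absolutely no idea how to fix it.
Any hints or suggestions are welcome, but please keep in mind that I am using CentOS and not Ubuntu.
Thanks in advance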
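
One way to test the hypothesis in the post above (that the TLS material slapd expects is gone), as an added example that is not part of the original post: the function lists the file and directory paths named by the olcTLS* attributes in a cn=config LDIF and reports which exist. The function name and the config location mentioned in the comments are assumptions, and values wrapped onto LDIF continuation lines are not handled.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the TLS files
# and directories referenced by a slapd cn=config LDIF exist on disk.
# Assumption: the config is an LDIF file such as
# /etc/openldap/slapd.d/cn=config.ldif; pass its path as the argument.

check_slapd_tls_paths() {
    # $1 = path to the cn=config LDIF.
    # Prints one "STATUS attribute value" line per olcTLS* path attribute.
    # Returns 0 if every referenced path exists, 1 if any is missing,
    # 2 if the config file itself cannot be read.
    cfg=$1
    [ -r "$cfg" ] || { echo "UNREADABLE $cfg"; return 2; }
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue      # no matching attributes at all
        attr=${line%%:*}                # text before the first colon
        val=${line#*: }                 # text after the first ": "
        case $val in
            /*)
                if [ -e "$val" ]; then
                    echo "OK $attr $val"
                else
                    echo "MISSING $attr $val"
                    rc=1
                fi
                ;;
            *)
                # Non-absolute values (for example a certificate nickname
                # inside an NSS database) cannot be checked as files.
                echo "NOT-A-PATH $attr $val"
                ;;
        esac
    done <<EOF
$(grep -E '^olcTLS(CACertificateFile|CACertificatePath|CertificateFile|CertificateKeyFile): ' "$cfg")
EOF
    return $rc
}
```

A MISSING line for a certificate file or certificate directory is consistent with the "TLS init def ctx failed: -1" message in the journal; a NOT-A-PATH value has to be checked against the certificate database in the directory the configuration names.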