Linux

slapd.service 的作業失敗,因為控制程序以錯誤程式碼退出?

  • February 9, 2021

由於某些問題,我已經設置了 OpenLdap 之後正確啟動,我終止了程序。現在,每當我嘗試時,systemctl start slapd.service我都會得到

slapd.service 的作業失敗,因為控制程序以錯誤程式碼退出。有關詳細資訊,請參閱“systemctl status slapd.service”和“journalctl -xe”。

此命令journalctl -xe提供以下資訊

Nov 28 21:54:36 suredevbana3 systemd[1]: Starting OpenLDAP Server Daemon...
-- Subject: Unit slapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit slapd.service has begun starting up.
Nov 28 21:54:36 suredevbana3 runuser[2898]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2898]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 slapcat[2902]: DIGEST-MD5 common mech free
Nov 28 21:54:36 suredevbana3 runuser[2909]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2909]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 runuser[2911]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2911]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 runuser[2913]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2913]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 runuser[2915]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2915]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 runuser[2917]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2917]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 check-config.sh[2894]: Read/write permissions for DB file '/var/lib/ldap/__db.001' are required.
Nov 28 21:54:36 suredevbana3 runuser[2919]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2919]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 check-config.sh[2894]: Read/write permissions for DB file '/var/lib/ldap/__db.002' are required.
Nov 28 21:54:36 suredevbana3 runuser[2921]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
Nov 28 21:54:36 suredevbana3 runuser[2921]: pam_unix(runuser:session): session closed for user ldap
Nov 28 21:54:36 suredevbana3 check-config.sh[2894]: Read/write permissions for DB file '/var/lib/ldap/__db.003' are required.
Nov 28 21:54:36 suredevbana3 systemd[1]: slapd.service: control process exited, code=exited status=1
Nov 28 21:54:36 suredevbana3 systemd[1]: Failed to start OpenLDAP Server Daemon
-- Subject: Unit slapd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit slapd.service has failed.
--
-- The result is failed. Nov 28 21:54:36 suredevbana3 systemd[1]: Unit slapd.service entered failed state. Nov 28 21:54:36 suredevbana3 systemd[1]: slapd.service failed. Nov 28 21:54:36 suredevbana3 polkitd[717]: Unregistered Authentication Agent for unix-process:2887:70553439 (system bus name :1.2956, object path /org/freedesktop/PolicyKit1lines 2393-2430/2430 (END)

在此之後,我檢查了slapd -d 1這給了我以下資訊 l

dap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
5a1d9112 @(#) $OpenLDAP: slapd 2.4.44 (Jun  6 2017 18:04:02) $
       mockbuild@x86-019.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
ldap_pvt_gethostbyname_a: host=suredevbana3, r=0
5a1d9112 daemon_init: listen on ldap:///
5a1d9112 daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
5a1d9112 daemon: bind(7) failed errno=98 (Address already in use)
5a1d9112 daemon: bind(7) failed errno=98 (Address already in use)
5a1d9112 slap_open_listener: failed on ldap:///
5a1d9112 slapd stopped.
5a1d9112 connections_destroy: nothing to destroy.

如下請見

" ============================================================================
" Netrw Directory Listing                                        (netrw v149)
"   /etc/openldap/slapd.d/cn=config
"   Sorted by      name
"   Sort sequence: [\/]$,\<core\%(\.\d\+\)\=\>,\.h$,\.c$,\.cpp$,\~\=\*$,*,\.o$,\.obj$,\.info$,\.swp$,\.bak$,\~$
"   Quick Help: <F1>:help  -:go up dir  D:delete  R:rename  s:sort-by  x:exec
" ============================================================================
../
./
cn=schema/
cn=schema.ldif
olcDatabase={-1}frontend.ldif
olcDatabase={0}config.ldif
olcDatabase={1}monitor.ldif
olcDatabase={2}hdb.ldif
.swp

另一個資訊是從這個命令開始的

slapd -d -1 -F /etc/openldap/slapd.d
check-config.sh[2894]: Read/write permissions for DB file '/var/lib/ldap/__db.003' are required.

slapdldap預設以使用者身份執行,如果您嘗試以 root 使用者身份啟動它(或載入 ldif 等),它會創建權限不正確的文件。嘗試chown -R ldap.ldap /var/lib/ldap修復權限並啟動服務。

我也面臨同樣的問題,但我已經用下面的命令解決了:

setenforce 0
getenforce

如果你想堅持它:

vi /etc/selinux/config

將此參數更改SELINUX=enforcingSELINUX=permissive

引用自:https://serverfault.com/questions/885554