root 66

Q: LDAP is not running after 10.6.5 update - Help!

After the 10.6.5 update, LDAP doesn't run. This means the server is practically dead, because no one can connect to its services anymore.

Can anyone help - PLEASE!

Nov 11 13:44:56 server slapd[68]: @(#) $OpenLDAP: slapd 2.4.11 (Aug 12 2010 17:17:10) $
Nov 11 13:44:59 server slapd[68]: daemon: SLAPSOCKINIT: dtblsize=8192
Nov 11 13:45:08 server slapd[68]: main: TLS init def ctx failed: -1
Nov 11 13:45:08 server slapd[68]: slapd stopped.
Nov 11 13:45:08 server slapd[68]: connections_destroy: nothing to destroy.
Nov 11 13:45:09 server slapd[194]: @(#) $OpenLDAP: slapd 2.4.11 (Aug 12 2010 17:17:10) $
Nov 11 13:45:09 server slapd[194]: daemon: SLAPSOCKINIT: dtblsize=8192
Nov 11 13:45:10 server slapd[194]: main: TLS init def ctx failed: -1
Nov 11 13:45:10 server slapd[194]: slapd stopped.

Mac OS X (10.6.3)

Posted on Nov 11, 2010 5:08 AM

  • by gobi876h,

    gobi876h Dec 18, 2010 6:01 PM in response to root 66
    Level 1 (0 points)
    I suffered from the same issue but was unable to resolve using the above methodology because the cn=config.ldif file was gone. I thought that this was an issue from the 10.6.5 upgrade, but my backups show that this stretches back to at least the 10.6.4 upgrade. For some reason, nothing came of missing the file until 10.6.5 came and the whole house of cards fell in (I'm also missing /usr/libexec/slurpd, but that's a different story). I solved the issue by recreating the cn=config.ldif file using /usr/bin/slaptest -f /etc/openldap/slapd.conf -F slapd.d in the /etc/openldap directory. With the .ldif in place, I could then get SSL turned back on.
  • by aliveonearth,

    aliveonearth Feb 10, 2011 11:08 PM in response to B. Kennedy
    Level 1 (0 points)
    Rrrr.. This one is a little over my head. Same problem. The update was never applied, with "In Progress" being displayed in Server Admin; 12 hours later it was still there. I did a reboot and was locked out of Workgroup Manager and no more ssh. This turned out to be a DNS-related issue, as the reverse lookup on my local network was returning the server's external IP rather than the local one, causing any authentication to fail. After restoring and fixing DNS I could use screen sharing and got a terminal on the server from the local host and have Server Admin up. LDAP services are stopped and my root certificate is not valid. Created a new one and trusted it in the keychain. Reboot. LDAP still not started and I am here...
  • by aliveonearth,

    aliveonearth Feb 10, 2011 11:38 PM in response to aliveonearth
    Level 1 (0 points)
    Any advice on what this actually means?
    It looks to me like I don't have a configuration set up at all?
    This is outside the scope of my knowledge... So if there is anyone out there who knows, suggestions welcome.


    /usr/libexec/slapd -d -1
    @(#) $OpenLDAP: slapd 2.4.11 (Aug 12 2010 17:17:10) $
    daemon_init: <null>
    ODNodeCustomCall node(/Cache) - ERROR (4001)
    daemon: SLAPSOCKINIT: dtblsize=256
    daemon_init: listen on ldap:///
    daemon_init: 1 listeners to open...
    ldapurl_parseext(ldap:///)
    daemon: bind(8) failed errno=13 (Permission denied)
    daemon: bind(8) failed errno=13 (Permission denied)
    slapopenlistener: failed on ldap:///
    slapd stopped.
    connections_destroy: nothing to destroy.
    ODNodeCustomCall node(/Cache) - ERROR (4001)
  • by aliveonearth,

    aliveonearth Feb 11, 2011 9:18 PM in response to aliveonearth
    Level 1 (0 points)
    Success.. Removed the 5 offending lines with reference to my old root certificate and.. LDAP is up and running again...
  • by perigean,

    perigean Feb 18, 2011 7:06 AM in response to aliveonearth
    Level 1 (0 points)
    I'm attempting this fix, but received a "Permission Denied" response after entering the "...cn=config.ldif".

    Any suggestions?
  • by Dr Mike,

    Dr Mike Apr 11, 2011 7:39 AM in response to root 66
    Level 1 (115 points)
    Absolute gold. I can't thank you enough for posting this!
  • by Dr Mike,

    Dr Mike Apr 11, 2011 7:45 AM in response to perigean
    Level 1 (115 points)
    You need root permissions to edit this file. Try using sudo or su to switch to the root account first.
  • by Bao-Khang Nguyen,

    Bao-Khang Nguyen Jan 3, 2012 12:42 PM in response to root 66
    Level 1 (15 points)

    Second Day of 2012! Certificate about to expire. Updated the Self-assigned Cert. Boom! Dead in the water. Running Snow Leopard (10.6.8).

    Well thanks to root66 Problem solved!

    Thanks a million!

    -Bao

  • by ruluk7,

    ruluk7 Jul 30, 2012 12:49 AM in response to root 66
    Level 1 (0 points)

    Works also for me, thanks root 66!

  • by quickthyme@mac.com,

    quickthyme@mac.com Sep 28, 2012 9:39 AM in response to root 66
    Level 1 (0 points)

    Root 66, you saved the day with your response!!! Apple phone support told me I was going to have to rebuild my LDAP from scratch. Following your approach saved me countless hours, not to mention my job. THANK YOU!!

  • by Sellers,

    Sellers Oct 15, 2012 7:34 PM in response to RobFerguson
    Level 1 (10 points)

    Thanks much - this was very helpful even in 10.8.  

  • by soerenkroeger,

    soerenkroeger Jun 4, 2013 4:28 PM in response to Sellers
    Level 1 (0 points)

    Even after updating to 10.8.4 !! Thanks a lot!

  • by Tyson Brown,

    Tyson Brown Jul 8, 2013 11:37 PM in response to B. Kennedy
    Level 1 (5 points)

    Thank you so much everyone, and particularly root66! This post saved my bacon BIG TIME when my certificate update went terribly wrong.... Note that this worked in OS X server 10.7.4...

    Hurray!!! Thanks again!

  • by jhdore,

    jhdore Jan 14, 2014 4:02 PM in response to root 66
    Level 1 (0 points)

    Get In my son! Having trawled t'internet for nearly six hours, found your posting re the contents of /etc/openldap/slapd.d/cn=config.ldif containing outdated SSL certificate references. They do not match current SSL certificates, which was preventing my Lion Server LDAP and Open Directory from starting.

    Deleting the outdated references cured the problem. Many thanks, dude!
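
Several replies in this thread trace the "TLS init def ctx failed" startup failure to certificate references in cn=config.ldif that no longer match what is installed. The following is an added example, not code from any poster: a Python script that lists the olcTLS* attributes in an LDIF file and flags those whose path no longer exists. The sample LDIF, its paths and the function names are constructed for illustration, and the check covers file existence only, not expiry or key match.

```python
import base64
import os
import sys

# Constructed sample input (not from the thread): one folded line and one
# base64-encoded ("::") value, both of which the LDIF format permits.
SAMPLE_LDIF = (
    "dn: cn=config\n"
    "objectClass: olcGlobal\n"
    "olcTLSCertificateFile: /constructed/certs/old-server.crt\n"
    "olcTLSCertificateKeyFile: /constructed/certs/old-\n"
    " server.key\n"
    "olcTLSCACertificateFile:: "
    + base64.b64encode(b"/constructed/certs/current-ca.pem").decode() + "\n"
    "olcTLSVerifyClient: never\n"
)

def unfold_ldif(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def tls_attributes(text):
    """Return [(attribute, value)] for every olcTLS* attribute in the LDIF text."""
    found = []
    for line in unfold_ldif(text):
        attr, sep, rest = line.partition(":")
        if not sep or not attr.lower().startswith("olctls"):
            continue
        if rest.startswith(":"):  # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        found.append((attr, value))
    return found

def stale_references(text, exists=os.path.exists):
    """TLS attributes whose value is an absolute path that is not on disk."""
    stale = []
    for attr, value in tls_attributes(text):
        if not value.startswith("/"):
            continue  # not a path (e.g. "never")
        # Heuristic (assumption): the value may be a command line, so try its first token too.
        if not (exists(value) or exists(value.split()[0])):
            stale.append((attr, value))
    return stale

if __name__ == "__main__":
    # Reading the real file needs root permissions, as noted in the thread.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/openldap/slapd.d/cn=config.ldif"
    with open(path) as fh:
        for attr, value in stale_references(fh.read()):
            print("missing: %s -> %s" % (attr, value))
```

The script only reports; take a backup of cn=config.ldif before editing it by hand.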
