Enable LDAP server on Solaris 11

 

I tried to enable the LDAP server inside the Solaris 11 T5-2 chassis using the command below:

# svcadm enable ldap/server

and the message below was printed on the server console:

Apr 20 17:30:15 <hostname> svc.startd[11]: network/ldap/server:openldap_24 failed: transitioned to maintenance (see 'svcs -xv' for details)
SUNW-MSG-ID: SMF-8000-YX, TYPE: defect, VER: 1, SEVERITY: major
EVENT-TIME: Mon Apr 20 17:30:15 EET 2015
PLATFORM: SPARC-T5-2, CSN: AK00247532, HOSTNAME: <hostname>
SOURCE: software-diagnosis, REV: 0.1
EVENT-ID: 92067780-6c30-6c73-ec28-a0fac2f0d16a
DESC: A service failed - a method is failing in a retryable manner but too often.
AUTO-RESPONSE: The service has been placed into the maintenance state.
IMPACT: svc:/network/ldap/server:openldap_24 is unavailable.
REC-ACTION: Run 'svcs -xv svc:/network/ldap/server:openldap_24' to determine the generic reason why the service failed, the location of any logfiles, and a list of other services impacted. Please refer to the associated reference document at http://support.oracle.com/msg/SMF-8000-YX for the latest service procedures and policies regarding this diagnosis.

First I checked whether the service was online or not:

# svcs | grep -i ldap
maintenance    17:30:15 svc:/network/ldap/server:openldap_24

The LDAP service was placed in the maintenance status! I checked the service error and the log file for the LDAP service, but nothing seemed to be helpful:

# svcs -xv
svc:/network/ldap/server:openldap_24 (slapd - OpenLDAP LDAP server)
State: maintenance since April 20, 2015 05:35:26 PM EET
Reason: Start method failed repeatedly, last exited with status 1.
See: http://support.oracle.com/msg/SMF-8000-KS
See: man -M /usr/share/man -s 8oldap slapd
See: http://www.openldap.org
See: /var/svc/log/network-ldap-server:openldap_24.log
Impact: This service is not running.

 

# cat /var/svc/log/network-ldap-server:openldap_24.log   
	[ Apr 20 17:30:14 Enabled. ]
	[ Apr 20 17:30:14 Executing start method ("/lib/svc/method/ldap-olslapd start"). ]
	[ Apr 20 17:30:15 Method "start" exited with status 1. ]
	[ Apr 20 17:30:15 Executing start method ("/lib/svc/method/ldap-olslapd start"). ]
	[ Apr 20 17:30:15 Method "start" exited with status 1. ]
	[ Apr 20 17:30:15 Executing start method ("/lib/svc/method/ldap-olslapd start"). ]
	[ Apr 20 17:30:15 Method "start" exited with status 1. ]
	[ Apr 20 17:35:10 Leaving maintenance because disable requested. ]
	[ Apr 20 17:35:10 Disabled. ]
	[ Apr 20 17:35:26 Enabled. ]
	[ Apr 20 17:35:26 Executing start method ("/lib/svc/method/ldap-olslapd start"). ]
	[ Apr 20 17:35:26 Method "start" exited with status 1. ]
	[ Apr 20 17:48:43 Leaving maintenance because disable requested. ]
	[ Apr 20 17:48:43 Disabled. ]
	[ Apr 20 17:48:47 Enabled. ]
	[ Apr 20 17:48:47 Executing start method ("/lib/svc/method/ldap-olslapd start"). ]
	[ Apr 20 17:48:47 Method "start" exited with status 1. ]


After a few online searches, I found that a Chinese guy had faced the same problem, and the solution was simple. It's a permission problem that denies the openldap user read or write access to the config inside the openldap directory:

# chown -R openldap:openldap /var/openldap

# ls -ltr
total 6
drwxr-xr-x   2 openldap openldap       2 Sep 19  2012 run
drwxr-xr-x   2 openldap openldap       3 Feb 17 13:45 openldap-data

Then I added a few configuration lines to the LDAP config file and restarted the service one more time:

# cat /etc/openldap/slapd.conf
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

 

# svcadm disable ldap/server
# svcadm enable ldap/server


Now everything is back to working smoothly and the service is online:

# svcs | grep ldap
online 18:10:11 svc:/network/ldap/server:openldap_24
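
The fix above depends on who owns the files under /var/openldap, so it helps to see exactly what is wrong before running a recursive chown. The following is an added example, not part of the original post: it lists entries not owned by the expected account and entries writable by other users. The function names are hypothetical; the path, user and group in the usage comment are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print every entry under DIR ($1) not owned by USER ($2) and GROUP ($3).
mismatched_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Print every non-symlink entry under DIR ($1) that is writable by "other".
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Report both kinds of finding; return 0 only when the tree is clean.
audit_tree() {
    at_dir=$1 at_user=$2 at_group=$3 at_rc=0
    if [ ! -d "$at_dir" ]; then
        echo "audit_tree: $at_dir is not a directory" >&2
        return 2
    fi
    at_out=$(mismatched_owner "$at_dir" "$at_user" "$at_group")
    if [ -n "$at_out" ]; then
        echo "not owned by $at_user:$at_group:"
        printf '%s\n' "$at_out" | sed 's/^/  /'
        at_rc=1
    fi
    at_out=$(world_writable "$at_dir")
    if [ -n "$at_out" ]; then
        echo "writable by other users:"
        printf '%s\n' "$at_out" | sed 's/^/  /'
        at_rc=1
    fi
    return "$at_rc"
}

# Run only when called with three arguments, for example:
#   sh audit.sh /var/openldap openldap openldap
if [ "$#" -eq 3 ]; then
    audit_tree "$@"
fi
```

A non-zero exit status means at least one entry needs attention; the printed paths show which ones, so ownership can be corrected only where it is wrong.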

 
