On 19/8/2025 5:31 μ.μ., Clément OUDOT wrote:
you may have forgotten to set correct permissions on cn=config
directory. With LTB packages, do:
# chown -R ldap:ldap /usr/local/openldap/etc/openldap/slapd.d
To see debug logs, you can try to run slapd-cli debug
Hi Clement,
Thanks for replying.
Actually "slapd-cli debug" helped. The issue was that it was trying to
load slapd.conf and its dependencies.
(Permissions / ownership of slapd.d tree were fine.)
I thought that in v2.6.x configuration using slapd.conf is no more
supported. However, I found that slapd-cli was pre-configured to run
using slapd.conf.
I changed settings in slapd-cli.conf which were:
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR=""
to:
SLAPD_CONF="" SLAPD_CONF_DIR="$SLAPD_PATH/etc/openldap/slapd.d"
and things worked fine; openldap loads and works fine.
Interestingly, on another server (also Rocky 9) where I have also
installed openldap-ltb, ldap-cli.conf had different initial settings:
SLAPD_CONF="$SLAPD_PATH/etc/openldap/slapd.conf"
SLAPD_CONF_DIR="/usr/local/openldap/etc/openldap/slapd.d"
In this case it seems that the latter setting takes precedence because
it loads normally although there exists a slapd.conf file as well.
Yet, I wonder how the two servers had different slapd-cli.conf
settings. I guess when the package is installed it may adapt config
file(s) according to some system parameters.
Best regards,
Nick
