ldap无法登陆，报错daemon: bind(7) failed errno=98 (Address already in use)这是怎

liaozd

1. [root@vfxdc02 openldap]# slapd -d 256
   
2. @(#) $OpenLDAP: slapd 2.4.23 (Oct 31 2012 08:14:14) $
   
3.         mockbuild@x86-022.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
   
4. daemon: bind(7) failed errno=98 (Address already in use)
   
5. daemon: bind(7) failed errno=98 (Address already in use)
   
6. slapd stopped.
   
7. connections_destroy: nothing to destroy.
   
8. [root@vfxdc02 openldap]# lsof -i :389
   
9. COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
   
10. slapd   717 ldap    7u  IPv4 139221      0t0  TCP *:ldap (LISTEN)
    
11. slapd   717 ldap    8u  IPv6 139222      0t0  TCP *:ldap (LISTEN)

复制代码

centos6.4 64位的，2.6.32-71.el6.x86_64

slapd.conf文件内容：

1. 
   
2. #
   
3. # See slapd.conf(5) for details on configuration options.
   
4. # This file should NOT be world readable.
   
5. #
   
6. 
   
7. include                /etc/openldap/schema/corba.schema
   
8. include                /etc/openldap/schema/core.schema
   
9. include                /etc/openldap/schema/cosine.schema
   
10. include                /etc/openldap/schema/duaconf.schema
    
11. include                /etc/openldap/schema/dyngroup.schema
    
12. include                /etc/openldap/schema/inetorgperson.schema
    
13. include                /etc/openldap/schema/java.schema
    
14. include                /etc/openldap/schema/misc.schema
    
15. include                /etc/openldap/schema/nis.schema
    
16. include                /etc/openldap/schema/openldap.schema
    
17. include                /etc/openldap/schema/ppolicy.schema
    
18. include                /etc/openldap/schema/collective.schema
    
19. 
    
20. # Allow LDAPv2 client connections.  This is NOT the default.
    
21. allow bind_v2
    
22. 
    
23. # Do not enable referrals until AFTER you have a working directory
    
24. # service AND an understanding of referrals.
    
25. #referral        ldap://root.openldap.org
    
26. 
    
27. pidfile                /var/run/openldap/slapd.pid
    
28. argsfile        /var/run/openldap/slapd.args
    
29. 
    
30. # Load dynamic backend modules
    
31. # - modulepath is architecture dependent value (32/64-bit system)
    
32. # - back_sql.la overlay requires openldap-server-sql package
    
33. # - dyngroup.la and dynlist.la cannot be used at the same time
    
34. 
    
35. # modulepath /usr/lib/openldap
    
36. # modulepath /usr/lib64/openldap
    
37. 
    
38. # moduleload accesslog.la
    
39. # moduleload auditlog.la
    
40. # moduleload back_sql.la
    
41. # moduleload chain.la
    
42. # moduleload collect.la
    
43. # moduleload constraint.la
    
44. # moduleload dds.la
    
45. # moduleload deref.la
    
46. # moduleload dyngroup.la
    
47. # moduleload dynlist.la
    
48. # moduleload memberof.la
    
49. # moduleload pbind.la
    
50. # moduleload pcache.la
    
51. # moduleload ppolicy.la
    
52. # moduleload refint.la
    
53. # moduleload retcode.la
    
54. # moduleload rwm.la
    
55. # moduleload seqmod.la
    
56. # moduleload smbk5pwd.la
    
57. # moduleload sssvlv.la
    
58. # moduleload syncprov.la
    
59. # moduleload translucent.la
    
60. # moduleload unique.la
    
61. # moduleload valsort.la
    
62. 
    
63. # The next three lines allow use of TLS for encrypting connections using a
    
64. # dummy test certificate which you can generate by running
    
65. # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
    
66. # at self-signed certificates, however.
    
67. TLSCACertificatePath /etc/openldap/certs
    
68. TLSCertificateFile /etc/openldap/certs/slapdcert.pem
    
69. TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem
    
70. 
    
71. # Sample security restrictions
    
72. #        Require integrity protection (prevent hijacking)
    
73. #        Require 112-bit (3DES or better) encryption for updates
    
74. #        Require 63-bit encryption for simple bind
    
75. # security ssf=1 update_ssf=112 simple_bind=64
    
76. 
    
77. # Sample access control policy:
    
78. #        Root DSE: allow anyone to read it
    
79. #        Subschema (sub)entry DSE: allow anyone to read it
    
80. #        Other DSEs:
    
81. #                Allow self write access
    
82. #                Allow authenticated users read access
    
83. #                Allow anonymous users to authenticate
    
84. #        Directives needed to implement policy:
    
85. # access to dn.base="" by * read
    
86. # access to dn.base="cn=Subschema" by * read
    
87. # access to *
    
88. #        by self write
    
89. #        by users read
    
90. #        by anonymous auth
    
91. #
    
92. # if no access controls are present, the default policy
    
93. # allows anyone and everyone to read anything but restricts
    
94. # updates to rootdn.  (e.g., "access to * by * read")
    
95. #
    
96. # rootdn can always read and write EVERYTHING!
    
97. 
    
98. # enable on-the-fly configuration (cn=config)
    
99. database config
    
100. access to *
     
101.         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
     
102.         by * none
     
103. 
     
104. # enable server status monitoring (cn=monitor)
     
105. database monitor
     
106. access to *
     
107.         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
     
108.         by dn.exact="cn=Manager,dc=tdi,dc=com" read
     
109.         by * none
     
110. 
     
111. #######################################################################
     
112. # database definitions
     
113. #######################################################################
     
114. 
     
115. database        bdb
     
116. suffix                "dc=tdi,dc=com"
     
117. checkpoint        1024 15
     
118. rootdn                "cn=Manager,dc=tdi,dc=com"
     
119. # Cleartext passwords, especially for the rootdn, should
     
120. # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
     
121. # Use of strong authentication encouraged.
     
122. # rootpw                secret
     
123. # rootpw                {crypt}ijFYNcSNctBYg
     
124. rootpw {SSHA}+i0bUyR7XKMezavGyRQXb2cdRgB5AVut
     
125. 
     
126. # The database directory MUST exist prior to running slapd AND
     
127. # should only be accessible by the slapd and slap tools.
     
128. # Mode 700 recommended.
     
129. directory        /var/lib/ldap
     
130. 
     
131. # Indices to maintain for this database
     
132. index objectClass                       eq,pres
     
133. index ou,cn,mail,surname,givenname      eq,pres,sub
     
134. index uidNumber,gidNumber,loginShell    eq,pres
     
135. index uid,memberUid                     eq,pres,sub
     
136. index nisMapName,nisMapEntry            eq,pres,sub
     
137. 
     
138. # Replicas of this database
     
139. replogfile /var/lib/ldap/openldap-master-replog
     
140. #replica host=ldap-1.example.com:389 starttls=critical
     
141. #     bindmethod=sasl saslmech=GSSAPI
     
142. #     authcId=host/ldap-master.example.com@EXAMPLE.COM
     

复制代码

chenyx

address already in use,说明已经有进程在侦听对应的端口,你先将原来的进程kill掉再启动下

liaozd

回复 2# chenyx

Just try，好像还是不行:

1. [root@vfxdc02 ~]# slapd -d 256
   
2. @(#) $OpenLDAP: slapd 2.4.23 (Oct 31 2012 08:14:14) $
   
3.         mockbuild@x86-022.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
   
4. daemon: bind(7) failed errno=98 (Address already in use)
   
5. daemon: bind(7) failed errno=98 (Address already in use)
   
6. slapd stopped.
   
7. connections_destroy: nothing to destroy.
   
8. [root@vfxdc02 ~]# ps -aux | grep slapd
   
9. Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
   
10. root      3839  0.0  0.1 165652  5236 ?        Ssl  10:07   0:00 slapd
    
11. root      3844  0.0  0.0 105400   924 pts/0    S+   10:07   0:00 grep slapd
    
12. [root@vfxdc02 ~]# kill 3839
    
13. [root@vfxdc02 ~]# service slapd status
    
14. slapd dead but pid file exists
    
15. [root@vfxdc02 ~]# service slapd restart
    
16. Stopping slapd:                                            [FAILED]
    
17. Starting slapd:                                            [  OK  ]
    
18. [root@vfxdc02 ~]# ps -aux | grep slapd
    
19. Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
    
20. ldap      3896  0.0  0.1 167724  5248 ?        Ssl  10:08   0:00 /usr/sbin/slapd -h  ldap:/// ldaps:/// ldapi:/// -u ldap
    
21. root      3902  0.0  0.0 105400   924 pts/0    S+   10:08   0:00 grep slapd
    
22. [root@vfxdc02 ~]# slapd -d 256
    
23. @(#) $OpenLDAP: slapd 2.4.23 (Oct 31 2012 08:14:14) $
    
24.         mockbuild@x86-022.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
    
25. daemon: bind(7) failed errno=98 (Address already in use)
    
26. daemon: bind(7) failed errno=98 (Address already in use)
    
27. slapd stopped.
    
28. connections_destroy: nothing to destroy.

复制代码

chenyx

你已经启动slapd服务进程了.
你先service slapd stop,然后再slapd -d 256

liaozd

回复 4# chenyx

service slapd stop之后再slapd -d 256，相当于重启了slapd服务。会卡停在slapd starting那里，这时从另一个term中进入再测试slapd -d 256的结果和之前是一样的。卡在slpad starting那里最后我就ctrl+c停了。

1. [root@vfxdc02 ~]# slapd -d 256
   
2. @(#) $OpenLDAP: slapd 2.4.23 (Oct 31 2012 08:14:14) $
   
3.         mockbuild@x86-022.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
   
4. slapd starting
   
5. ^Cdaemon: shutdown requested and initiated.
   
6. slapd shutdown: waiting for 0 operations/tasks to finish
   
7. slapd stopped.
   

复制代码

chenyx

那你为什么不用service直接启动呢?
ldap的服务配置你应该在配置文件里面做好就可以的

liaozd

回复 6# chenyx

谢谢您的回复。

不过我现在的问题是服务可以启动，可以添加用户到ldap的db里面，并且在authconfig里面设置了用ldap登录，但就是无法用ldap中的用户登录进来

1. [root@vfxdc02 ~]# ldapsearch -x -b "dc=tdi,dc=com"
   
2. # extended LDIF
   
3. #
   
4. # LDAPv3
   
5. # base <dc=tdi,dc=com> with scope subtree
   
6. # filter: (objectclass=*)
   
7. # requesting: ALL
   
8. #
   
9. 
   
10. # tdi.com
    
11. dn: dc=tdi,dc=com
    
12. dc: tdi
    
13. objectClass: top
    
14. objectClass: domain
    
15. 
    
16. # engineering, tdi.com
    
17. dn: ou=engineering,dc=tdi,dc=com
    
18. ou: engineering
    
19. objectClass: organizationalUnit
    
20. 
    
21. # liaoldap, engineering, tdi.com
    
22. dn: cn=liaoldap,ou=engineering,dc=tdi,dc=com
    
23. cn: liaoldap
    
24. sn: User
    
25. objectClass: inetOrgPerson
    
26. userPassword:: e1NTSEF9ck9XaHJKbm16VC8yZ29Ia2k5a3ZBSnI0ZUFsNW9BQ2c=
    
27. 
    

复制代码

1. [root@vfxdc02 ~]# su liaoldap
   
2. su: user liaoldap does not exist

复制代码

woxizishen

你這種情況類似使用ctrl+z停止服務。重新啟動即可順速解決。也可以不用重新啟動解決。還是cheny說的殺進程。你應該沒有完全殺掉openldap的相關進程。數據庫使用的是bdb還是？