
Hope someone can help me out here. I forgot the OpenLDAP admin password on a Debian server and in the process, I specified the password in the slapd config file as follows:

olcRootPW: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

I am following the guide here: http://techiezone.rottigni.net/2011/12/change-root-dn-password-on-openldap/

When I run service slapd start I receive the following error:

Starting OpenLDAP: slapdrm: cannot remove `/var/lib/ldap/alock': No such file or directory
 failed!

I removed this but to no avail.

I have restarted the server however this did not make any difference. I have full access to the server.

Any suggestions on how to get OpenLDAP running again?

masegaloeh
Meh
  • Look in the init script - this looks like an error there (an "rm" command), not from slapd itself. Try ``sh -x /etc/init.d/slapd start`` (assuming you're still running a sysv'ish init with startup shell scripts - if you're on systemd, there is some similar method but I don't know how you'd go about it). – Dan Pritts Apr 30 '15 at 02:58
  • Hi Dan. When I run this, here is the response: http://pastebin.com/XYAMtaCh – Meh Apr 30 '15 at 07:31
  • Are you sure the /var/lib/ldap directory exists? Is your database there? – Dan Pritts Apr 30 '15 at 21:50
  • Which version of Debian and OpenLDAP are you using? (`apt-cache show slapd | egrep "^Version:"`) – umläute May 06 '15 at 11:32

1 Answer


Somewhere in the slapd_start function of your /etc/init.d/slapd script, there is a line similar to:

 rm /var/lib/ldap/alock

Now, for whatever reasons, this file is nonexistent, and the script stops because it fails to remove the nonexistent file (which is obviously hard to remove, as it is not there anymore).

You can simply fix this by telling rm to try harder using the -f (aka --force) flag. So change the above line in the script to

 rm -f /var/lib/ldap/alock
umläute
  • That's pretty interesting, I was not aware that using the -f flag will also make rm end with success status even if there was no file to delete. – alphamikevictor May 06 '15 at 11:43
  • @alphamikevictor, the manpage says *-f: ignore nonexistent files and arguments, never prompt*; so it's really a "force success" rather than "force remove" – umläute May 06 '15 at 11:48
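
The behaviour discussed in the answer and its comments, as an added example that is not part of the original post or of Debian's init script. It assumes the start step aborts on the first failing command (modelled here with a child `sh -e`); `run_start`, `status_of` and the `started` marker file are hypothetical names, and everything runs in a temporary directory. It also shows that `-f` only ignores missing operands: other cleanup failures still stop the start.

```shell
#!/bin/sh
# Constructed stand-in for an init script's stale-lock cleanup.
# Nothing here touches /var/lib/ldap; all work happens in a temp directory.

# run_start DIR RM_FLAGS
# Runs cleanup + "start" in a child shell with errexit (-e), the way a script
# that stops on the first failing command would. Returns the child's status.
run_start() {
    sh -ec '
        # $2 is unquoted on purpose: an empty value means "no flag".
        rm $2 "$1/alock"
        # Stands in for launching the daemon; only reached if rm succeeded.
        : > "$1/started"
    ' start-demo "$1" "$2" 2>/dev/null
}

# status_of DIR RM_FLAGS -> prints "<exit status>:<started|not-started>"
status_of() {
    rc=0
    run_start "$1" "$2" || rc=$?
    if [ -e "$1/started" ]; then
        echo "$rc:started"
    else
        echo "$rc:not-started"
    fi
    rm -f "$1/started"
}

demo() {
    tmp=$(mktemp -d) || return 1
    echo "missing lock,  rm    -> $(status_of "$tmp" "")"
    echo "missing lock,  rm -f -> $(status_of "$tmp" "-f")"
    : > "$tmp/alock"
    echo "stale lock,    rm -f -> $(status_of "$tmp" "-f")"
    # -f ignores only nonexistent operands; a directory still makes rm fail.
    mkdir "$tmp/alock"
    echo "lock is a dir, rm -f -> $(status_of "$tmp" "-f")"
    rm -rf "$tmp"
}

demo
```
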