
After upgrading from CentOS 7.6 to 7.7 the slapd process receives a shutdown request a few seconds after its start. Where do I have to enable logging to get more information?

I'm using OpenLDAP on CentOS 6/7 as an authentication backend, which worked fine for years.

Restarting slapd by:

systemctl start slapd.service

leads to a timeout error.

Restarting by:

/usr/sbin/slapd -u ldap -h "ldapi:/// ldap:///" -F /etc/openldap/slapd.d/

seems to be a workaround.

Any help is appreciated.

bvogt

1 Answer

After an upgrade on CentOS 7, I have the same problem. I've been troubleshooting it for a few weeks, including tweaking config files, permissions, restoring databases, and yum downgrading OpenLDAP (painful). I've never been able to figure out why the service times out and stops. I've seen similar threads regarding other systemd processes doing similar things (mysql, samba), and have even seen a recent CentOS bug that seems relevant but isn't fixed yet. I even tried installing 389 Directory Server and its admin console. This looks like a promising solution down the road since OpenLDAP will eventually be deprecated, but after all the time I spent getting it running and finding out that there are schema differences, I've decided to use the following lazy hack to get my slapd service to run at start with a really long timeout.

In the file /etc/systemd/system/multi-user.target.wants/slapd.service, I added the following line in the [Service] block:

TimeoutSec=31536000

This is a timeout of 1 year for the service to start. Since I'll probably reboot my server more often than that, it seemed like a reasonable choice. I believe this is the timeout for the service to start, and not related to any LDAP query operations. I know this is lazy, is not the fix, but it got my production server back online in regards to slapd service running and authenticating as it was before the yum update. Hope it helps you get running too until a solution is posted.

Edit: 03/21/2020 Several other discoveries have been made:

1) On regular distributions from centos.org, this seems to work fine. I created a local virtual machine to test this and prove it works. My distribution is from GoDaddy (CentOS 7.4), and the yum update brings it up to CentOS 7.7. However, this appears to be a bug with the distribution rather than OpenLDAP. I concluded this since the version of OpenLDAP (openldap-servers.x86_64-2.4.44-21.el7_6) seems to work on CentOS 7.4, but not on CentOS 7.7 after doing a yum update.

2) The systemctl unit file described above is actually a symbolic link. I seem to have better luck (more stability) editing the source of the symbolic link, which is: /usr/lib/systemd/system/slapd.service

3) Here is a simple bash script to perform the workaround:

#!/bin/bash
echo -e "\n... Implementing OpenLDAP timeout workaround\n"
sed -i '/$SLAPD_OPTIONS/a TimeoutSec=31536000' /usr/lib/systemd/system/slapd.service
systemctl enable slapd.service
systemctl start slapd &

4) In order for this workaround to work, the slapd service must be started in the background with an & so that the launching shell can time out after the period indicated in "TimeoutSec":

systemctl start slapd &
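
An added example, not part of the answer above or of any project's code: the same start timeout applied through a systemd drop-in under /etc/systemd/system/slapd.service.d/, so the packaged unit file stays untouched across updates and re-running the script does not append a second line. It sets TimeoutStartSec, which covers only the start timeout (TimeoutSec also sets the stop timeout); the drop-in file name and the staging-root parameter are assumptions.

```shell
#!/bin/bash
# Added example: keep the slapd start timeout in a systemd drop-in.
# The second argument (root) is a hypothetical staging directory for testing;
# it defaults to "/" on a live server.

UNIT=slapd.service
DROPIN_NAME=10-start-timeout.conf   # assumed file name, any *.conf works

# Print the drop-in path below the given root directory.
dropin_path() {
    local root="${1%/}"
    printf '%s/etc/systemd/system/%s.d/%s\n' "$root" "$UNIT" "$DROPIN_NAME"
}

# Write the drop-in. Returns 0 if written or already current, 2 on bad input.
write_dropin() {
    local seconds="$1" root="${2:-/}" path want
    # Accept only a positive integer so nothing else lands in the unit config.
    case "$seconds" in
        ''|*[!0-9]*|0*) echo "invalid timeout: $seconds" >&2; return 2 ;;
    esac
    path="$(dropin_path "$root")"
    want="$(printf '[Service]\nTimeoutStartSec=%s' "$seconds")"
    # Idempotent: leave the file alone when it already has the wanted content.
    if [ -f "$path" ] && [ "$(cat "$path")" = "$want" ]; then
        return 0
    fi
    mkdir -p "$(dirname "$path")" || return 1
    printf '%s\n' "$want" > "$path" || return 1
    chmod 0644 "$path"
}

# Reload systemd and show the effective start timeout (live system only).
apply_dropin() {
    systemctl daemon-reload &&
    systemctl show -p TimeoutStartUSec "$UNIT"
}

# On the server, as root:
#   write_dropin 31536000 && apply_dropin
# then start slapd as described in the answer above.
```

Removing the drop-in file and running `systemctl daemon-reload` restores the packaged defaults.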