Starting and Stopping the OpenLDAP Server

July 19, 2021

At this point, we have configured our slapd.conf file. We are now ready to start our server. There are two different ways to run the SLAPD server: we can either use the init script provided with the distribution, or we can run the slapd command directly. Each way has its advantages, and we will look at both here.

Using the Init Script

The OpenLDAP packages installed with Ubuntu include a startup script located, along with other service startup scripts, in the /etc/init.d/ directory. The scripts in /etc/init.d/, usually referred to as the init scripts, automatically start and stop services when the system run level changes (when the system boots, halts, or reboots). By default, OpenLDAP should be configured to start when the server boots and to stop during halts and reboots.

The ldap init script provides a convenient way to start, stop, and restart the server. You can start it (if it is not already running) with the Ubuntu invoke-rc.d command:

$ sudo invoke-rc.d slapd start

You can use the same script to stop the server. Just change start to stop:

$ sudo invoke-rc.d slapd stop

Similarly, to restart, use the restart command instead of start or stop.

The init scripts set up default parameters and pass in many system options. Some of these are stored in a separate configuration file located at /etc/default/slapd. For example, by setting the SLAPD_USER and SLAPD_GROUP variables to a particular system user ID and group ID, you can run SLAPD as a user other than the default.

The OpenLDAP server must start as root in order to bind to the correct TCP/IP port (389 or 636 by default). It then switches to the user account and group specified in /etc/default/slapd.

Note:

Ubuntu creates a special user and group, named openldap, for running SLAPD. Other distributions run SLAPD as root, which is not a good idea from a security point of view.

Other settings, such as logging settings, can also be made in this configuration file.

Running SLAPD Directly

Sometimes it is useful to start SLAPD directly from the command line. This can make it easier to see error messages when the server fails to start, or to test configurations before making any changes to the init script or its configuration files.

To start the SLAPD server directly, simply run the slapd command:

$ sudo slapd

This will start the SLAPD server in the background.

Note:

If you compiled OpenLDAP from source, the slapd command will be at /usr/local/libexec/, which is not, by default, in $PATH. You will have to run the command using the full path: /usr/local/libexec/slapd.

The server will write its process ID to the location specified in the pidfile directive in slapd.conf. In our case, this is /var/run/slapd/slapd.pid. We can stop the server by using the standard kill command:

$ sudo kill `cat /var/run/slapd/slapd.pid`

This command first uses the cat program to print the contents of the file (which is simply the process ID of slapd). Note that the cat command is surrounded by backticks (`), not single quotes ('). The backticks tell the shell to treat the statement as a command to be executed. The process ID is then passed to the kill command, which instructs the process to shut itself down.

In cases where the slapd.pid file is not available, you might find it more expedient to kill the server with this command:

$ sudo kill `pgrep slapd`

Sometimes though, it is more useful to start the command in the foreground, and set debugging information to print out in the terminal window. This can be done quite easily as well:

$ sudo slapd -d config 

In the command above we use the -d flag to print logging information to the shell’s standard output. This means that slapd will print information to the terminal window. The -d flag takes one parameter—the debugging level. We have specified config, which instructs the server to print verbose logging information about the processing of the configuration file.

The output looks something like this:

@(#) $OpenLDAP: slapd 2.3.24 (Jun 16 2006 23:35:48) $ 
      mbutcher@bezer:/home/mbutcher/temp/openldap-2.3.24/servers/slapd
reading config file /etc/ldap/slapd.conf
line 6 (include /etc/ldap/schema/core.schema)
reading config file /etc/ldap/schema/core.schema
line 44 (rootdn "cn=Manager,dc=example,dc=com")
line 45 (rootpw ***)
line 47 (directory /var/lib/ldap)
line 48 (index objectClass eq)
index objectClass 0x0004
line 49 (index cn eq,sub,pres,approx)
index cn 0x071e
slapd starting

This is another useful way to ferret out configuration issues. The -d flag will take any of the debugging levels specified in the slapd.conf man page. I find acl useful for debugging access problems, and filter is often useful in figuring out trouble with searches.

When -d is specified the program will run in the foreground. To stop the server simply hit CTRL+C. This will stop the server and return you to a shell prompt.

Other useful command line parameters to use with slapd are -u and -g. Each takes one argument: -u takes a username and -g takes a groupname. These control the effective UID and GID (user ID and group ID) that SLAPD runs as. Once SLAPD has started and connected to the appropriate ports (which it must do as root), it will switch its UID and GID to the names specified in these parameters.

Note:

To get a list of other command line flags that we can use with slapd, refer to the man page for slapd.

You can verify that slapd is running by checking if /var/run/slapd/slapd.pid exists, or by running pgrep slapd, which will display the process ID of slapd if it’s running. If no process ID number is returned, slapd is not running.
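
The check above can be combined with the privilege drop described earlier. The following is an added example, not part of the original article: a shell function that confirms the PID in the pidfile really belongs to a live slapd process and that the process is no longer running with root's effective UID. The function name check_slapd, its return codes and the PROC_ROOT variable are assumptions of this example; it relies on the Linux /proc filesystem.

```shell
#!/bin/sh
# Added example (not from the original article).
# PROC_ROOT is an assumption of this example so the check can be pointed
# at a test directory; it defaults to the real /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Usage: check_slapd /var/run/slapd/slapd.pid
# Returns 0 = running unprivileged, 1 = no pidfile,
#         2 = stale/invalid pidfile or process not inspectable,
#         3 = running with effective UID 0.
check_slapd() {
    pidfile="$1"
    if [ ! -r "$pidfile" ]; then
        echo "not running: $pidfile missing or unreadable"
        return 1
    fi
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    # Accept only a plain decimal PID before using it in a path.
    case "$pid" in
        ''|*[!0-9]*) echo "invalid pidfile contents"; return 2 ;;
    esac
    # A pidfile can outlive its process, and the PID may be reused by
    # another program, so confirm the process name as well.
    if [ ! -r "$PROC_ROOT/$pid/comm" ] ||
       [ "$(cat "$PROC_ROOT/$pid/comm")" != "slapd" ]; then
        echo "stale pidfile: PID $pid is not slapd"
        return 2
    fi
    # On the Uid: line of /proc/PID/status the second number is the
    # effective UID (real, effective, saved, filesystem).
    euid=$(awk '/^Uid:/ { print $3 }' "$PROC_ROOT/$pid/status" 2>/dev/null)
    case "$euid" in
        ''|*[!0-9]*) echo "cannot read UID of PID $pid"; return 2 ;;
        0) echo "slapd (PID $pid) still runs as root; set SLAPD_USER or use -u"
           return 3 ;;
    esac
    echo "slapd (PID $pid) runs with effective UID $euid"
    return 0
}
```

A return code of 3 means the server started but never switched away from root, which points at missing SLAPD_USER and SLAPD_GROUP settings or missing -u and -g flags.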
