LDAP service cannot restart (dse.ldif)
Overview
On SFTP Gateway v2, you may find that SFTP users are unable to log in via key-based authentication. After troubleshooting, you find that the LDAP service is failing, even after you restart it.
If this is the case, read on to see if the issue is due to a missing dse.ldif file.
Diagnosing the issue
So far, you have tried restarting LDAP using the instructions in this article.
When you run this command:
netstat -nltp
You find that the LDAP service is not running. The server is also not listening on ports 389 and 636.
When you check on the status of the LDAP server:
HOSTNAME=$(hostname | cut -d"." -f1)
systemctl status dirsrv@$HOSTNAME
You find that the LDAP service is not running, and that there are some errors.
In order to see the errors more easily, run the following commands:
HOSTNAME=$(hostname | cut -d"." -f1)
journalctl -u dirsrv@$HOSTNAME
Look for any log output that mentions dse.ldif. For example:
Starting 389 Directory Server ip-172-16-1-3....
ds_systemd_ask_password_acl[12345]: grep: /etc/dirsrv/slapd-ip-172-16-1-3/dse.ldif: No such file or directory
INFO - dse_check_file - The config /etc/dirsrv/slapd-ip-172-16-1-3/dse.ldif can not be accessed. Attempting restore ... (reason: 0)
ERR - dse_check_file - The backup file /etc/dirsrv/slapd-ip-172-16-1-3/dse.ldif.bak has zero length, refusing to restore it.
ERR - slapd_bootstrap_config - No valid configurations can be accessed! You must restore /etc/dirsrv/slapd-ip-172-16-1-3/dse.ldif from backup!
EMERG - main - The configuration files in directory /etc/dirsrv/slapd-ip-172-16-1-3 could not be read or were not found. Please refer to the error log or output for more information.
dirsrv@ip-172-16-1-3.service: main process exited, code=exited, status=1/FAILURE
Failed to start 389 Directory Server ip-172-16-1-3..
If you see similar output, keep reading for instructions on how to fix this issue.
Restoring the dse.ldif file
The log output is complaining that this file is missing:
/etc/dirsrv/slapd-ip-172-16-1-3/dse.ldif
Note: The folder path is going to be different for you, since the path is based on the server's hostname.
When you cd to the folder /etc/dirsrv/slapd-ip-172-16-1-3/, you should see the following files:
dse.ldif.bak
dse.ldif.startOK
dse_original.ldif
There are a few things to point out:
- The dse.ldif file is missing
- The dse.ldif.bak file has zero bytes
To fix the issue, you need to restore a working copy of the dse.ldif file:
cp -a dse.ldif.startOK dse.ldif
At this point, you should be able to restart LDAP:
HOSTNAME=$(hostname | cut -d"." -f1)
systemctl restart dirsrv@$HOSTNAME
Verify whether the LDAP service started:
systemctl status dirsrv@$HOSTNAME
netstat -nltp
Hopefully, LDAP should be running again.
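The diagnosis and repair above, collected into a small POSIX shell script as an added example (this is not part of the SFTP Gateway documentation). It assumes the file names and the /etc/dirsrv/slapd-<hostname> layout shown in this article; the function names are our own, and the demo at the bottom reproduces the broken state in a temporary directory rather than touching a real instance.

```shell
#!/bin/sh
# Map a hostname to its 389-ds instance config directory, as the article does
# with `hostname | cut -d"." -f1`.
dse_instance_dir() {
    short=$(printf '%s' "$1" | cut -d"." -f1)
    echo "/etc/dirsrv/slapd-$short"
}

# Report which recovery applies to the directory: ok, restore-from-bak,
# restore-from-startOK, or unrecoverable (exit status 1).
dse_recovery_action() {
    dir="$1"
    if [ -s "$dir/dse.ldif" ]; then echo ok; return 0; fi
    # The server itself only restores from a non-empty dse.ldif.bak; the
    # journal output above shows it refusing a zero-length one.
    if [ -s "$dir/dse.ldif.bak" ]; then echo restore-from-bak; return 0; fi
    # dse.ldif.startOK is the copy saved when the server last started
    # successfully, so it is the known-good fallback used in this article.
    if [ -s "$dir/dse.ldif.startOK" ]; then echo restore-from-startOK; return 0; fi
    echo unrecoverable; return 1
}

# Restore with cp -a so ownership and mode for the dirsrv user are preserved.
dse_restore() {
    dir="$1"
    case "$(dse_recovery_action "$dir")" in
        ok) return 0 ;;
        restore-from-bak) cp -a "$dir/dse.ldif.bak" "$dir/dse.ldif" ;;
        restore-from-startOK) cp -a "$dir/dse.ldif.startOK" "$dir/dse.ldif" ;;
        *) echo "no usable dse.ldif source in $dir" >&2; return 1 ;;
    esac
}

# Constructed demo: missing dse.ldif, zero-byte .bak, good .startOK.
demo() {
    tmp=$(mktemp -d)
    printf 'dn: cn=config\n' > "$tmp/dse.ldif.startOK"
    : > "$tmp/dse.ldif.bak"
    dse_recovery_action "$tmp"                          # restore-from-startOK
    dse_restore "$tmp" && dse_recovery_action "$tmp"    # ok
    rm -rf "$tmp"
}
demo
```

On a real server, run dse_restore against "$(dse_instance_dir "$(hostname)")" and then restart dirsrv@$HOSTNAME as shown above.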