In the message for openldap-server-2.4.41, slapd_flags='-h "ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/"', but the opened Unix-domain socket is not decoded.
# ps ax | grep ldap
4132 - Is 0:00.01 /usr/local/libexec/slapd -h ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/ -u ldap -g ldap
# netstat -an | grep ldap
fffff8000d3733c0 stream 0 0 fffff80018150760 0 0 0 %2fvar%2frun%2fopenldap%2fldapi
Tried specifying the option without escaping.
# ps ax | grep ldap
4212 - Is 0:00.01 /usr/local/libexec/slapd -h ldapi:///var/run/openldap/ldapi/ ldap://0.0.0.0/ -u ldap -g ldap
# netstat -an | grep ldap
fffff8000d3733c0 stream 0 0 fffff80023a40588 0 0 0 /var/run/openldap/ldapi
Is this just a matter of the openldap-server's message?
-h expects a URI so it has to be encoded. See http://www.openldap.org/doc/admin24/runningslapd.html#Command-Line Options for more details.
(In reply to Xin LI from comment #1)
Thank you for reading. The issue is not yet resolved. Using -h with the encoded URI is not working, but -h with the non-encoded URI is working, in the case of FreeBSD 10.1 and openldap-server-2.4.41. When using -h with the encoded URI, we can see the WARNING.
# sysrc slapd_flags
slapd_flags: -h 'ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/'
# service slapd restart
Stopping slapd.
Waiting for PIDS: 1604.
Starting slapd.
/usr/local/etc/rc.d/slapd: WARNING: slapd: Can't find socket /var/run/openldap/ldapi
This WARNING would be output because the UNIX socket was not opened when the slapd script ran. Even when using the encoded URI in the running options (-h 'ldapi://%252fvar%252frun%252fopenldap%252fldapi/), the correct socket name seen in netstat should be the decoded URI. (%252fvar%252frun%252fopenldap%252fldapi/ -> /var/run/openldap/ldapi) When using -h with the encoded URI the UNIX socket is not created, but with -h and the non-encoded URI the UNIX socket is created. Was this intended?
(In reply to ruy from comment #2)
Here is what I tried:
root@anubis:/usr/ports/net/openldap24-server # cat >> /etc/rc.conf.local
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
root@anubis:/usr/ports/net/openldap24-server # sysrc slapd_flags
slapd_flags: -h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"
root@anubis:/usr/ports/net/openldap24-server # service slapd restart
Stopping slapd.
Waiting for PIDS: 77613.
Starting slapd.
root@anubis:/usr/ports/net/openldap24-server # sockstat -l | grep slap
ldap slapd 77704 6 stream /var/run/openldap/ldapi
ldap slapd 77704 7 tcp4 *:389 *:*
The host system is FreeBSD 10.1-RELEASE-p16. I then looked more closely at your report and found an extra %25 there, which would make slapd create a socket in /. Where did you get that part? I tried this, and the output does look legitimate:
% pkg info -D openldap-server
openldap-server-2.4.41:
************************************************************
The OpenLDAP server package has been successfully installed.
In order to run the LDAP server, you need to edit
/usr/local/etc/openldap/slapd.conf
to suit your needs and add the following lines to /etc/rc.conf:
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
Then start the server with
/usr/local/etc/rc.d/slapd start
or reboot.
Try `man slapd' and the online manual at
http://www.OpenLDAP.org/doc/
for more information.
slapd runs under a non-privileged user id (by default `ldap'),
see /usr/local/etc/rc.d/slapd for more information.
************************************************************
By the way, modern OpenLDAP now supports using ldapi:/// ldap:/// to accomplish the same unless you only want IPv4 listening and IPv6 is available.
(In reply to Xin LI from comment #3)
Thank you for testing. I installed from pkg, not ports. (e.g. # pkg install openldap-server) The output is below.
# uname -r
10.1-RELEASE-p16
# pkg info -D openldap-server
openldap-server-2.4.41:
************************************************************
The OpenLDAP server package has been successfully installed.
In order to run the LDAP server, you need to edit
/usr/local/etc/openldap/slapd.conf
to suit your needs and add the following lines to /etc/rc.conf:
slapd_enable="YES"
slapd_flags='-h "ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
Then start the server with
/usr/local/etc/rc.d/slapd start
or reboot.
Try `man slapd' and the online manual at
http://www.OpenLDAP.org/doc/
for more information.
slapd runs under a non-privileged user id (by default `ldap'),
see /usr/local/etc/rc.d/slapd for more information.
************************************************************
OK. As pointed out, the "%25" is extra. Based on your reply, it was confirmed that using the encoded URI operates correctly. The incorrect argument is included in the message; I understand that it is a problem with the pkg.
"%" is URI-encoded to %25. If the openldap-server package is created by automation, a double escape might occur in the messages.
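Added example, not part of the original thread and not code from the port or from pkg: a small check that decodes each ldapi:// listener in slapd_flags once, as the netstat output in the report shows slapd doing, and flags a path that still contains percent-escapes or that does not match slapd_sockets. The function names `ldapi_socket_paths` and `audit` are hypothetical, and the residual-escape test is a heuristic that would also flag a socket path containing a literal "%2f".

```python
import re
import shlex
from urllib.parse import unquote

# A percent-escape that survives one decode pass means the value was encoded twice.
RESIDUAL_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def ldapi_socket_paths(slapd_flags):
    """Socket path for each ldapi:// listener after ONE percent-decode pass,
    which is what the netstat output in the report shows slapd doing."""
    args = shlex.split(slapd_flags)
    paths = []
    for flag, value in zip(args, args[1:]):
        if flag != "-h":
            continue
        for uri in value.split():
            if not uri.lower().startswith("ldapi://"):
                continue
            encoded = uri[len("ldapi://"):].rstrip("/")
            if encoded:  # bare ldapi:/// means slapd's built-in default; not modelled
                paths.append(unquote(encoded))
    return paths


def audit(slapd_flags, slapd_sockets):
    """Return (problem, bound_path, intended_path) tuples; empty list means consistent."""
    expected = slapd_sockets.split()
    findings = []
    for path in ldapi_socket_paths(slapd_flags):
        if RESIDUAL_ESCAPE.search(path):
            findings.append(("double-encoded", path, unquote(path)))
        elif path not in expected:
            findings.append(("not-in-slapd_sockets", path, None))
    return findings


# rc.conf values quoted in the thread: the correct form and the form from the pkg message.
GOOD = '-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
BAD = '-h "ldapi://%252fvar%252frun%252fopenldap%252fldapi/ ldap://0.0.0.0/"'
SOCKETS = "/var/run/openldap/ldapi"

if __name__ == "__main__":
    for flags in (GOOD, BAD):
        print(flags, "->", audit(flags, SOCKETS) or "ok")
```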
(In reply to ruy from comment #5) Ah, okay, now I see where this comes from. Will investigate why, thanks for reporting.
(In reply to ruy from comment #6) It's possible, but I have used poudriere for quite some time and didn't see it before. I've started my local builder and will check if I can reproduce it with a bulk build.
I think this is a bug with pkgng and have a proposed patch at: https://github.com/freebsd/pkg/pull/1306 Over to maintainer.
(In reply to Xin LI from comment #9) I should have reported this after investigating in detail. Thank you for taking the time.
I have merged the code in the master branch. I will merge it and test it in the release 1.5 branch and issue a new release asap. Thank you!
bapt has looked at this himself, so reassign away from group alias.
Fixed long ago and forgot to close