[root@g3-test-25 dip]#slapd -d 2 -F /etc/openldap/slapd.d/ -u ldap

5ebf99cb @(#) $OpenLDAP: slapd 2.4.44 (Dec 18 2018 12:26:29) $
        mockbuild@x86-017.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
TLSMC: MozNSS compatibility interception begins.
tlsmc_open_nssdb: WARN: could not initialize MozNSS context - error -8015.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
TLS: could not use certificate `OpenLDAP Server'.
TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:402
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:404
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib ssl_rsa.c:468
5ebf99cb main: TLS init def ctx failed: -1
5ebf99cb slapd stopped.
5ebf99cb connections_destroy: nothing to destroy.
#原因分析，我在卸載ldap時，把這個卸載掉了
#重新創建證書
[root@g3-test-25 dip]# mkdir -p /etc/openldap/certs
[root@g3-test-25 dip]# bash /usr/libexec/openldap/create-certdb.sh
Creating certificate database in '/etc/openldap/certs'.
[root@g3-test-25 dip]# bash /usr/libexec/openldap/generate-server-cert.sh
Creating new server certificate in '/etc/openldap/certs'.


[root@g3-test-25 dip]# ll /etc/openldap/certs
總用量 84
-rw-r--r-- 1 root root 65536 5月  16 15:46 cert8.db
-rw-r--r-- 1 root root 16384 5月  16 15:46 key3.db
-r--r----- 1 root ldap    45 5月  16 15:46 password
-rw-r--r-- 1 root root 16384 5月  16 15:46 secmod.db
[root@g3-test-25 dip]# ll /etc/openldap/
總用量 8
drwxr-xr-x 2 root root   90 5月  16 15:46 certs
-rw-r--r-- 1 root root  121 12月 19 2018 check_password.conf
drwxr-xr-x 2 root root 4096 5月  16 15:38 schema
drwxr-x--- 3 ldap ldap   45 5月  16 15:38 slapd.d
[root@g3-test-25 dip]# ll /etc/openldap/
總用量 8
drwxr-xr-x 2 root root   90 5月  16 15:46 certs
-rw-r--r-- 1 root root  121 12月 19 2018 check_password.conf
drwxr-xr-x 2 root root 4096 5月  16 15:38 schema
drwxr-x--- 3 ldap ldap   45 5月  16 15:38 slapd.d
[root@g3-test-25 dip]# su - dip
上一次登錄：六 5月 16 15:22:39 CST 2020從 192.168.211.41pts/3 上
[dip@g3-test-25 ~]$ exit
登出
[root@g3-test-25 dip]# systemctl start slapd
[root@g3-test-25 dip]# systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2020-05-16 15:47:53 CST; 4s ago
     Docs: man:slapd
           man:slapd-config
           man:slapd-hdb
           man:slapd-mdb
           file:///usr/share/doc/openldap-servers/guide.html
  Process: 40036 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 40009 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
 Main PID: 40230 (slapd)
   CGroup: /system.slice/slapd.service
           └─40230 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///

5月 16 15:47:52 g3-test-25 systemd[1]: Starting OpenLDAP Server Daemon...
5月 16 15:47:52 g3-test-25 runuser[40020]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
5月 16 15:47:52 g3-test-25 runuser[40020]: pam_unix(runuser:session): session closed for user ldap
5月 16 15:47:52 g3-test-25 slapd[40036]: @(#) $OpenLDAP: slapd 2.4.44 (Dec 18 2018 12:26:29) $
                                                  mockbuild@x86-017.build.eng.bos.redhat.com:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
5月 16 15:47:53 g3-test-25 slapd[40036]: tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however...missions.
5月 16 15:47:53 g3-test-25 slapd[40230]: slapd starting
5月 16 15:47:53 g3-test-25 systemd[1]: Started OpenLDAP Server Daemon.
Hint: Some lines were ellipsized, use -l to show in full.

總結

以上是生活随笔為你收集整理的ldap无法启动 system library:fopen:Permission denied bss_file.c:402的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。