← Back to team overview

enterprise-support team mailing list archive

[Bug 2119884] [NEW] slapd fails to start under systemd

 

Public bug reported:

Ubuntu 25.04 Plucky saw a change from using init to systemd for starting
slapd.  When starting slapd using systemd, slapd runs but is terminated
by systemd when it fails to receive a notification (sd_notify) from
slapd that everything is ok.


root@minerva:/etc/apt# lsb_release -rd
Description:    Ubuntu 25.04
Release:        25.04


root@minerva:/etc/apt# apt info slapd
Package: slapd
Version: 2.6.9+dfsg-2ubuntu1
Priority: optional
Section: net
Source: openldap
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
Original-Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@xxxxxxxxxxxxxxxxxxxxxxx>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 5,195 kB
Provides: ldap-server
Pre-Depends: debconf, init-system-helpers (>= 1.54~)
Depends: libargon2-1 (>= 0~20171227), libc6 (>= 2.38), libcrypt1 (>= 1:4.1.0), libldap2 (= 2.6.9+dfsg-2ubuntu1), li>
Recommends: ldap-utils
Suggests: libsasl2-modules, ufw, libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
Conflicts: ldap-server
Homepage: https://www.openldap.org/
Download-Size: 1,661 kB
APT-Manual-Installed: yes
APT-Sources: http://au.archive.ubuntu.com/ubuntu plucky/main amd64 Packages
Description: OpenLDAP server (slapd)
 This is the OpenLDAP (Lightweight Directory Access Protocol) server
 (slapd). The server can be used to provide a standalone directory
 service.


root@minerva:/etc/apt# systemctl start slapd.service
Job for slapd.service failed because a timeout was exceeded.
See "systemctl status slapd.service" and "journalctl -xeu slapd.service" for details.


root@minerva:/etc/apt# systemctl status slapd.service
× slapd.service - OpenLDAP Server Daemon
     Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; preset: enabled)
     Active: failed (Result: timeout) since Thu 2025-08-07 22:01:36 AEST; 2min 11s ago
   Duration: 7h 20min 53.690s
 Invocation: 2efc19fa8f9c491b86b1c9039f12dba7
       Docs: man:slapd
             man:slapd-config
             man:slapd-mdb
    Process: 87009 ExecStart=sh -c mkdir -p /run/slapd;         chown "$SLAPD_USER":"$SLAPD_GROUP" /run/slapd;     >
   Main PID: 87009 (code=exited, status=0/SUCCESS)
   Mem peak: 4.1M
        CPU: 49ms

Aug 07 22:00:06 minerva.cording.id.au systemd[1]: Starting slapd.service - OpenLDAP Server Daemon...
Aug 07 22:00:06 minerva.cording.id.au slapd[87009]: @(#) $OpenLDAP: slapd 2.6.9+dfsg-2ubuntu1 (Mar 15 2025 05:58:33>
                                                            Ubuntu Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxx>
Aug 07 22:00:06 minerva.cording.id.au slapd[87009]: slapd starting
Aug 07 22:00:06 minerva.cording.id.au slapd[87009]: systemd sd_notify failed (-13)
Aug 07 22:01:36 minerva.cording.id.au systemd[1]: slapd.service: start operation timed out. Terminating.
Aug 07 22:01:36 minerva.cording.id.au slapd[87009]: daemon: shutdown requested and initiated.
Aug 07 22:01:36 minerva.cording.id.au slapd[87009]: slapd shutdown: waiting for 0 operations/tasks to finish
Aug 07 22:01:36 minerva.cording.id.au slapd[87009]: slapd stopped.
Aug 07 22:01:36 minerva.cording.id.au systemd[1]: slapd.service: Failed with result 'timeout'.
Aug 07 22:01:36 minerva.cording.id.au systemd[1]: Failed to start slapd.service - OpenLDAP Server Daemon.


root@minerva:/usr/lib/systemd/system# more slapd.service 
[Unit]
Description=OpenLDAP Server Daemon
After=network.target
# It doesn't really need network-online. Might revisit this for trixie:
# old initscript does have dependency on network-online.
#After=network-online.target
# For binding to particular IPs with systemd-networkd, use
#After=systemd-networkd-wait-online@eth0:no-carrier.service
# (with appropriate name for eth0)
Documentation=man:slapd
Documentation=man:slapd-config
Documentation=man:slapd-mdb

[Service]
Type=notify
# /etc/default/slapd sets:
#  SLAPD_SERVICES SLAPD_CONF SLAPD_USER SLAPD_GROUP SLAPD_OPTIONS
# Also can set KRB5_KTNAME
EnvironmentFile=/etc/default/slapd
# can use User=, but it does not accept $Variables (compatibility)
# can use RuntimeDirectory= but it need to be owned by user anyway
ExecStart=sh -c 'mkdir -p /run/slapd; \
        chown "$SLAPD_USER":"$SLAPD_GROUP" /run/slapd; \
        [ -d "$SLAPD_CONF" ] && confflag=-F || confflag=-f; \
        exec /usr/sbin/slapd -d0 \
                ${SLAPD_SERVICES:+-h "$SLAPD_SERVICES"} \
                ${SLAPD_USER:+-u "$SLAPD_USER"} \
                ${SLAPD_GROUP:+-g "$SLAPD_GROUP"} \
                ${SLAPD_CONF:+$confflag "$SLAPD_CONF"} \
                $SLAPD_OPTIONS'

[Install]
WantedBy=multi-user.target


Issue due to missing permission in apparmor usr.sbin.slapd:

 # systemd sd_notify
  /run/systemd/notify w,

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2119884

Title:
  slapd fails to start under systemd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2119884/+subscriptions



Follow ups