LFCS Question #148: Real Exam Question with Answer & Explanation

Question

After modifying the indexes for a database in slapd.conf - and running slapindex - the slapd daemon refuses to start when its init script is called. What is the most likely cause of this?

Options

• AThe indexes are not compatible with the init script.
• BThe init script cannot be run after executing slapindex, without first signing the indexes with slapsign.
• CThe init script has identified one or more invalid indexes.
• DThe init script is starting slapd as an ordinary user, and the index files are owned by root.

Explanation

When slapindex is run as root, it creates index files with root ownership, which prevents slapd from starting if the init script attempts to run it as a less privileged user.

Common mistakes.

• A. Index compatibility with an init script is not a direct technical concern; the init script's primary role is to start the daemon, not to interact directly with index file formats.
• B. slapsign is not a standard OpenLDAP utility, nor is there a requirement to 'sign' indexes for slapd to start after slapindex has been run.
• C. While invalid indexes could prevent slapd from starting, slapindex itself is designed to build valid indexes based on the configuration; a more common post-slapindex issue with startup is file permissions, not often inherent index invalidity.

Concept tested. OpenLDAP index file permissions after slapindex

Reference. https://www.openldap.org/doc/admin24/appendix-a.html#FileOwnership

No community discussion yet for this question.