[Bug 1452087] Re: slapd [or its init script] does not create necessary directory for nssov socket and fails to start
ben thielsen
btb at bitrate.net
Thu May 7 03:10:00 UTC 2015
there was an apparmor message logged:
    May 6 22:52:05 server kernel: audit: type=1400
    audit(1430967118.381:12): apparmor="DENIED" operation="mkdir"
    profile="/usr/sbin/slapd" name="/run/nslcd/" pid=1419 comm="slapd"
    requested_mask="c" denied_mask="c" fsuid=108 ouid=108
adding to /etc/apparmor.d/local/usr.sbin.slapd [among some other
things]:
    /etc/ldap/pki/** rw,
    /{,var/}run/slapd/* rw,
    /{,var/}run/nslcd/ rw,
    /{,var/}run/nslcd/* rw,
seems to have addressed that, but the directory still isn't created.
temporarily changing /run/ to 777 seems to reinforce rtandy's reference.
the directory is then created, but not with adequate permissions:
    dr-xr-xr-x 2 openldap openldap 40 May 6 23:01 nslcd/
    slapd[2357]: nssov: bind() to /var/run/nslcd/socket failed: Permission denied
adjusting them manually after creation confirms this, and slapd then
starts.
at the moment, i've added the following to the init script:
    NSSOV_SOCKETDIR='/var/run/nslcd'

    start_slapd() {
        # create the nssov socket directory if it is missing
        [ -d "${NSSOV_SOCKETDIR}" ] || ( mkdir -m 755 "${NSSOV_SOCKETDIR}" ; \
            chown openldap:openldap "${NSSOV_SOCKETDIR}" )
        # ... rest of start_slapd() unchanged ...
    }
which solves the problem for me [albeit the wrong way, imo], since it's
blindly doing it regardless of if the overlay is actually in use.
--
https://bugs.launchpad.net/bugs/1452087
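
Added example, not part of the original message or of the openldap package: one way to create the socket directory only when the nssov overlay is actually configured, and to detect the 0555 mode shown in the report. It assumes a cn=config tree (such as /etc/ldap/slapd.d) and GNU stat; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names and arguments are assumptions, not the
# packaged init script.

# Return 0 if any cn=config LDIF under $1 declares the nssov overlay.
# Overlay entries carry a line such as "olcOverlay: {0}nssov".
nssov_enabled() {
    confdir=$1
    [ -d "$confdir" ] || return 1
    grep -rqsE '^olcOverlay:[[:space:]]*(\{[0-9]+\})?nssov[[:space:]]*$' "$confdir"
}

# Return 0 if directory $1 exists and its owner has write and search
# permission, which bind() needs in order to create the socket.
# The mode is inspected directly (rather than "test -w") because root
# bypasses permission checks while slapd runs as an unprivileged user.
# The mode from the report, dr-xr-xr-x (0555), fails this check.
socketdir_usable() {
    dir=$1
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir") || return 1     # GNU stat, e.g. "555"
    owner_bits=$(( (0$mode >> 6) & 7 ))         # read mode as octal
    [ $(( owner_bits & 3 )) -eq 3 ]             # w (2) and x (1) both set
}

# Create or repair the socket directory only when the overlay is in use.
# $1 = config dir, $2 = socket dir, $3 = owner as user:group.
# Ownership is changed only when running as root, as an init script would.
ensure_nssov_socketdir() {
    confdir=$1 sockdir=$2 owner=$3
    nssov_enabled "$confdir" || return 0        # overlay unused: do nothing
    [ -d "$sockdir" ] || mkdir -m 755 "$sockdir" || return 1
    socketdir_usable "$sockdir" || chmod 755 "$sockdir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$sockdir" || return 1
    fi
}
```

An init script would call it as: ensure_nssov_socketdir /etc/ldap/slapd.d /var/run/nslcd openldap:openldap. The AppArmor profile still has to permit the path, as in the local rules quoted in the message.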