** Tags added: apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1392018
Title:
apparmor stops /var/run/ldapi from being read causing ldap to fail
Status in openldap package in Ubuntu:
Confirmed
Bug description:
There is a bug in slapd that triggers the profile of apparmor of
slapd.
When installing a clean ubuntu 14.10 server and installing slapd with :
apt-get install slapd ldap-utils
configure it with :
dpkg-reconfigure slapd
with ldap address of ldapi://xxx.xxx.xxx
the following command :
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config
gives the following error:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Checking syslog :
apparmor="DENIED" operation="file_perm" profile="/usr/sbin/slapd"
name="/run/slapd/ldapi" pid=1137 comm="slapd" requested_mask="r"
denied_mask="r" fsuid=105 ouid=0
we find in apparmor profile :
/etc/apparmor.d/usr.sbin.slapd reads:
# pid files and sockets
/{,var/}run/slapd/* w,
/run/slapd/ldapi has srwxrwxrwx attributes and is owned by
root:root
In 14.04 all of this is the same but does not lead to an error.
Changing it into :
# pid files and sockets
/{,var/}run/slapd/* rw,
Solves the issue but does not show me where things actually go wrong.
Slapd tries to read the file but fails.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
