I'm having the same problems:

* `TLS_REQCERT=never` needed in `/etc/ldap.conf` (`/etc/ldap/ldap.conf` is a symlink to the former)
* openldap user can't access ssl-certificates; fixed with `adduser openldap ssl-cert`

After applying those fixes pam works but nss doesn't, i.e. a normal user can log in but seems unknown (prompt reads `[EMAIL PROTECTED]:~$`). It seems this has to do with some process which lacks permissions to the ldap-config files in the directory `/etc/ldap`; because some of these files might contain sensitive information, documentation suggests restricting access to the owner and group:

{{{
ls -la /etc/ldap
lrwxrwxrwx 1 openldap openldap   14 2008-08-24 23:55 ldap.conf -> /etc/ldap.conf
drwxr-x--- 2 openldap openldap 4096 2008-06-14 15:16 sasl2
drwxr-x--- 2 openldap openldap 4096 2008-08-30 11:36 schema
-rw-r----- 1 openldap openldap  900 2008-09-08 08:20 slapd.conf
-rw-r----- 1 openldap openldap  671 2008-09-08 09:32 slapd.consumer.conf
-rw-r----- 1 openldap openldap 2970 2008-08-25 09:42 slapd.databases.conf
-rw-r----- 1 openldap openldap  483 2008-08-25 01:38 slapd.master.conf
-rw-r----- 1 openldap openldap 1236 2008-06-19 13:21 slapd.schemas.conf
}}}

--
slapd + gnutls fails
https://bugs.launchpad.net/bugs/217159
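
One way to check the permission hypothesis in the comment above, as an added example that is not part of the original bug report: walk each path component and report where a user outside the owner and group is stopped. The function names, the temporary tree and the 0750 mode on the `ldap` directory are assumptions (the listing does not show the directory's own mode).

```python
import os, shutil, stat, tempfile

def other_blockers(path):
    """List (component, mode, missing_bit) entries that stop a user who is
    neither owner nor group member from reading `path` (mode bits only)."""
    found = []
    # The literal path and its symlink-resolved form can cross different directories.
    for candidate in dict.fromkeys([os.path.abspath(path), os.path.realpath(path)]):
        parts = candidate.strip(os.sep).split(os.sep)
        current = os.sep
        for index, part in enumerate(parts):
            current = os.path.join(current, part)
            mode = os.stat(current).st_mode  # follows symlinks
            last = index == len(parts) - 1
            if last and not stat.S_ISDIR(mode):
                needed, label = stat.S_IROTH, "o+r"  # file must be readable
            else:
                needed, label = stat.S_IXOTH, "o+x"  # directory must be traversable
            entry = (current, stat.filemode(mode), label)
            if not mode & needed and entry not in found:
                found.append(entry)
    return found

def demo():
    """Constructed tree imitating the listing; the 0750 directory mode is assumed."""
    base = os.path.realpath(tempfile.mkdtemp())
    try:
        os.chmod(base, 0o755)
        ldap_dir = os.path.join(base, "ldap")
        os.mkdir(ldap_dir)
        for name, mode in (("ldap.conf", 0o644), ("ldap/slapd.conf", 0o640)):
            full = os.path.join(base, name)
            open(full, "w").close()
            os.chmod(full, mode)
        os.symlink(os.path.join(base, "ldap.conf"), os.path.join(ldap_dir, "ldap.conf"))
        os.chmod(ldap_dir, 0o750)
        result = {}
        for name in ("ldap/ldap.conf", "ldap/slapd.conf", "ldap.conf"):
            hits = other_blockers(os.path.join(base, name))
            # Report only components inside the constructed tree, relative to it.
            result[name] = [(os.path.relpath(p, base), m, need)
                            for p, m, need in hits if p.startswith(base)]
        return result
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits or "readable by other users")
```

On a real host, run `other_blockers("/etc/ldap/ldap.conf")` as root so that every component can be stat'ed.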