Bug#381788: [Pkg-openldap-devel] Re: Bug#381788: slapd: TLS
connections fail when running as non-root
Quanah Gibson-Mount
quanah at stanford.edu
Wed Aug 9 20:40:14 UTC 2006
--On Wednesday, August 09, 2006 12:49 AM -0600 "Berg, Michael"
<michaeljberg at gmail.com> wrote:
>> Okay, hm. Can you try this, preferably with daemontools:
>>
>> /usr/bin/setuidgid openldap /bin/cat </path/to/certs/certfiles>
>>
>> for every cert you believe the server should be able to read. It really
>> seems like the "openldap" user/group doesn't have permission to
>> something that it should.
>
> I don't have daemontools on this system, but I temporarily changed the
> shell for the openldap user from /bin/false to /bin/bash and then su'd to
> openldap.

Hm... Okay, instead of "strace" output, what does the output from "slapd -d
-1" show in the following bits:

(a) running as root, up until waiting for a connection
(b) running as root, getting a problem connection
(c) running as openldap user, up until waiting for a connection
(d) running as openldap user, getting a problem connection

I find -d -1 can be a bit more useful than strace when looking for
something other than permissions problems with slapd. You will have to
either alter the startup script or manually start slapd of course. ;)

--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
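
The permission check discussed in this thread (can the "openldap" user read every cert file?) can also be done without switching users, by walking each path component and evaluating the mode bits. The following is an added example, not part of the original message or of OpenLDAP; the helper names, the `base` parameter and the constructed directory tree are assumptions, and ACLs, capabilities and AppArmor/SELinux are not modelled.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix check: exactly one class (owner, group, other) is consulted."""
    if uid == 0:
        return True  # root skips mode bits, so slapd started as root reads everything
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)

def first_blocker(path, uid, gids, base="/"):
    """Return the first component under base that uid cannot search or read, else None."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    parts = os.path.relpath(path, base).split(os.sep)
    cur = base  # base itself is assumed reachable
    for part in parts[:-1]:
        cur = os.path.join(cur, part)
        if not allowed(os.stat(cur), uid, gids, 1):  # search (x) on each directory
            return cur
    return None if allowed(os.stat(path), uid, gids, 4) else path  # read (r) on the file

def demo():
    """Constructed tree; the uid/gid stand in for the 'openldap' account."""
    uid, gid = os.getuid() + 1000, os.getgid() + 1000
    with tempfile.TemporaryDirectory() as base:
        # relative path -> (directory mode, file mode), all values constructed
        layout = {"certs/server.pem": (0o755, 0o644),
                  "keys/server.key": (0o755, 0o600),
                  "private/ca.pem": (0o750, 0o644)}
        out = {}
        for rel, (dmode, fmode) in layout.items():
            full = os.path.join(base, rel)
            os.mkdir(os.path.dirname(full))
            open(full, "w").close()
            os.chmod(full, fmode)
            os.chmod(os.path.dirname(full), dmode)
            hit = first_blocker(full, uid, {gid}, base)
            out[rel] = hit and os.path.relpath(hit, os.path.realpath(base))
        return out

if __name__ == "__main__":
    for rel, hit in demo().items():
        print(rel, "->", "readable" if hit is None else "blocked at " + hit)
```

On a real system the uid and group set would come from `pwd.getpwnam("openldap")` and `os.getgrouplist()`, with `base` left at its default.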