[Bug 217159] Re: slapd + gnutls fails
svimes
debian at huttu.net
Tue Apr 15 12:48:18 BST 2008
That was the first thing I stumbled upon, so I don't think it's that.
Slapd won't start if it can't read the pki files. I've adjusted the
apparmor profile as follows:
$ cat usr.sbin.slapd
# vim:syntax=apparmor
# Last Modified: Fri Jan 4 15:18:13 2008
# Author: Jamie Strandboge <jamie at ubuntu.com>
#include <tunables/global>
/usr/sbin/slapd {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_certs>
  /etc/local/pki/tls/certs/ca.nnn.nnn.crt r,
  /etc/local/pki/tls/certs/ldap.nnn.nnn.crt r,
  /etc/local/pki/tls/private/ldap.nnn.nnn.key r,
  /etc/sasldb2 r,
  capability dac_override,
  capability net_bind_service,
  capability setgid,
  capability setuid,
  /etc/gai.conf r,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/ldap/ldap.conf r,
  /etc/ldap/schema/* r,
  /etc/ldap/slapd.conf r,
  # the databases and logs
  /var/lib/ldap/ r,
  /var/lib/ldap/* rw,
  # lock file
  /var/lib/ldap/alock kw,
  # pid files and sockets
  /var/run/slapd/* w,
  /usr/lib/ldap/ r,
  /usr/lib/ldap/* mr,
  /usr/sbin/slapd mr,
}
--
slapd + gnutls fails
https://bugs.launchpad.net/bugs/217159
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
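
Added example, not part of the original message and not code from the AppArmor or OpenLDAP projects: a small check that every TLS file named in slapd.conf is covered by a read rule in the profile, which is the condition the message above describes. The profile and slapd.conf fragments are constructed samples (the "example" file names are placeholders); rules pulled in through #include abstractions, deny rules, and {a,b} or [..] patterns are not evaluated.

```python
import re

# Constructed sample profile, in the style of the one quoted in the message.
PROFILE = """\
/usr/sbin/slapd {
  #include <abstractions/base>
  /etc/local/pki/tls/certs/ca.example.crt r,
  /etc/local/pki/tls/private/ldap.example.key r,
  /etc/ldap/schema/* r,
  /var/lib/ldap/* rw,
  /var/run/slapd/* w,
}
"""

# Constructed slapd.conf fragment using the standard OpenLDAP TLS directives.
SLAPD_CONF = """\
TLSCACertificateFile  /etc/local/pki/tls/certs/ca.example.crt
TLSCertificateFile    /etc/local/pki/tls/certs/ldap.example.crt
TLSCertificateKeyFile /etc/local/pki/tls/private/ldap.example.key
"""

def glob_to_regex(glob):
    """Translate AppArmor globbing: '*' and '?' stop at '/', '**' crosses it."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def file_rules(profile_text):
    """Return (path regex, permission letters) for each plain file rule."""
    rule = re.compile(r"\s*(/\S*)\s+([a-zA-Z]+),\s*$")
    return [(glob_to_regex(m.group(1)), m.group(2))
            for m in map(rule.match, profile_text.splitlines()) if m]

def unreadable(profile_text, conf_text):
    """List (directive, path) pairs that no rule in the profile grants 'r' on."""
    rules = file_rules(profile_text)
    wanted = re.findall(r"^(TLS\w+File)\s+(\S+)", conf_text, re.M)
    return [(d, p) for d, p in wanted
            if not any(rx.match(p) and "r" in perms for rx, perms in rules)]

if __name__ == "__main__":
    for directive, path in unreadable(PROFILE, SLAPD_CONF):
        print(f"{directive}: no read rule covers {path}")
```

On a live system, AppArmor denials for slapd are also reported in the kernel log or audit log, which confirms whether a missing rule is what blocked the read.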