[Bug 227744] [NEW] dapper upgrade to hardy: openldap silently refuses to start when unable to open SSL certificates
Nick Moffitt
nick at canonical.com
Wed May 7 14:38:55 BST 2008
Public bug reported:

We ran a slapd on Dapper for a long time, and it relied on an SSL cert
that we made root-owned 0400 for reasons of our own internal security.
Apache happily opens these certs as root and passes the file descriptor
along for after it drops privilege to the www-data user. The default
install of slapd on Hardy silently refuses to start when we point it at
these certificates.

On Dapper, we ran slapd as root, and things worked reasonably well. The
Hardy upgrade reconfigured slapd to run as the "openldap" user, which
was unable to read the certificates we have.

The problem with this is that there was no indication in the logs or the
init script output that this was the reason it would not start. Forcing
us to pore through the copious output of the debug mode is a little
unreasonable for such a straightforward error condition.

** Affects: openldap2.3 (Ubuntu)
     Importance: Undecided
         Status: New

--
https://bugs.launchpad.net/bugs/227744
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.
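
The failure mode reported above can be caught before slapd is restarted. The following pre-flight check is an added example, not part of the bug report or of OpenLDAP: it reads the TLS file directives from slapd.conf-style text and reports which files the service account cannot open. It assumes plain Unix mode bits (no ACLs or MAC policy); the function names are hypothetical.

```python
import os
import re
import stat

# slapd.conf directives naming files slapd must open for TLS.
TLS_DIRECTIVES = {"tlscertificatefile", "tlscertificatekeyfile", "tlscacertificatefile"}


def tls_files(conf_text):
    """Return (directive, path) pairs for TLS file directives in slapd.conf text."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*(\w+)\s+(\S+)", line)
        if m and m.group(1).lower() in TLS_DIRECTIVES:
            found.append((m.group(1), m.group(2).strip('"')))
    return found


def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """Classic Unix mode-bit check; ACLs and MAC policy are not considered."""
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def can_read(path, uid, gids):
    """True if uid/gids can search every parent directory and read the file."""
    try:
        path = os.path.realpath(path)
        target = os.stat(path)
        if uid == 0:
            return True  # root bypasses mode bits, as slapd did on Dapper
        parent = os.path.dirname(path)
        while True:
            if not _allowed(os.stat(parent), uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
                return False
            if parent == os.path.dirname(parent):
                break
            parent = os.path.dirname(parent)
        return _allowed(target, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
    except OSError:
        return False


def unreadable_tls_files(conf_text, uid, gids):
    """List the TLS files the given account cannot open, so startup fails loudly."""
    return [(d, p) for d, p in tls_files(conf_text) if not can_read(p, uid, gids)]
```

The uid and group set for the "openldap" account can be resolved with `pwd.getpwnam` and `os.getgrouplist`; a non-empty result from `unreadable_tls_files` is the condition an init script could log instead of exiting silently.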