[Bug 217159] Re: slapd + gnutls fails

Ronald van Engelen ubuntu at ronaldvanengelen.nl
Mon Sep 8 17:36:53 BST 2008


I'm having the same problems:
 * `TLS_REQCERT=never` needed in `/etc/ldap.conf` (`/etc/ldap/ldap.conf` is a symlink to the former)
 * openldap user can't access ssl-certificates; fixed with `adduser openldap ssl-cert`

After applying those fixes PAM works but NSS doesn't, i.e. a normal user
can log in but seems unknown (the prompt reads `nosuchuser@localhost:~$`).

It seems this has to do with some process which lacks permissions on the
ldap config files in the directory `/etc/ldap`; because some of these
files might contain sensitive information, the documentation suggests
restricting access to the owner and group:

{{{
ls -la /etc/ldap
lrwxrwxrwx   1 openldap openldap      14 2008-08-24 23:55 ldap.conf -> /etc/ldap.conf
drwxr-x---   2 openldap openldap    4096 2008-06-14 15:16 sasl2
drwxr-x---   2 openldap openldap    4096 2008-08-30 11:36 schema
-rw-r-----   1 openldap openldap     900 2008-09-08 08:20 slapd.conf
-rw-r-----   1 openldap openldap     671 2008-09-08 09:32 slapd.consumer.conf
-rw-r-----   1 openldap openldap    2970 2008-08-25 09:42 slapd.databases.conf
-rw-r-----   1 openldap openldap     483 2008-08-25 01:38 slapd.master.conf
-rw-r-----   1 openldap openldap    1236 2008-06-19 13:21 slapd.schemas.conf
}}}

-- 
slapd + gnutls fails 
https://bugs.launchpad.net/bugs/217159
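A quick way to test the permission hypothesis in the message above: given an account name and the paths slapd (or the pam/nss ldap modules) need, report which files that account cannot read and which directories it cannot search, so the `ssl-cert` group fix and the `/etc/ldap` modes can be verified. This is an added example, not code from the bug report or from Ubuntu; it assumes GNU coreutils on Linux and evaluates mode bits only (root's override, ACLs and AppArmor are not modelled).

```shell
# Added example, not from the bug report: decide from the mode bits whether a
# service account such as openldap may read a file and search every directory
# above it, without switching users. DAC mode bits only: the root bypass,
# POSIX ACLs and AppArmor confinement are not modelled.
# Assumes GNU coreutils (stat -L -c) on Linux.

# mode_allows USER "GROUPS" OWNER GROUP OCTAL_MODE BIT
#   GROUPS: space-separated groups of USER, as printed by `id -Gn USER`
#   BIT:    4 = read, 1 = execute/search
# Succeeds when the triplet that applies to USER (owner/group/other) grants BIT.
mode_allows() {
    who=$1 memberof=$2 own=$3 grp=$4 md=$5 want=$6
    perm=$(printf '%s' "$md" | sed 's/^0*//')
    perm=$(printf '%03d' "${perm:-0}")
    perm=${perm#"${perm%???}"}            # drop the setuid/setgid/sticky digit
    u=${perm%??}; g=${perm#?}; g=${g%?}; o=${perm#??}
    case " $memberof " in *" $grp "*) in_grp=1 ;; *) in_grp=0 ;; esac
    if [ "$who" = "$own" ]; then bits=$u
    elif [ "$in_grp" = 1 ]; then bits=$g
    else bits=$o; fi
    [ $((bits & want)) -ne 0 ]
}

# check_access USER PATH...: print every path USER cannot read, or whose
# ancestor directory USER cannot search. Returns 1 if anything was denied.
check_access() {
    who=$1; shift
    memberof=$(id -Gn "$who" 2>/dev/null) || { echo "unknown user: $who" >&2; return 2; }
    rc=0
    for f in "$@"; do
        p=$f
        while :; do
            info=$(stat -L -c '%U %G %a' "$p" 2>/dev/null) || { echo "MISSING $p"; rc=1; break; }
            own=${info%% *}; rest=${info#* }; grp=${rest%% *}; md=${rest#* }
            if [ "$p" = "$f" ] && [ ! -d "$p" ]; then want=4 what=read
            else want=1 what=search; fi
            if ! mode_allows "$who" "$memberof" "$own" "$grp" "$md" "$want"; then
                echo "DENIED $who cannot $what $p ($own:$grp $md)"; rc=1
            fi
            parent=$(dirname "$p")
            [ "$parent" = "$p" ] && break     # reached / (or .)
            p=$parent
        done
    done
    return $rc
}

# Usage against the setup in the report (the key path is illustrative):
# check_access openldap /etc/ldap/slapd.conf /etc/ssl/private/slapd.key
```

A `DENIED openldap cannot read /etc/ssl/private/... (root:ssl-cert 640)` line is what the missing `ssl-cert` membership looks like; after `adduser openldap ssl-cert` the same call returns 0.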