[Bug 463684] Re: openldap sections in ubuntu server guide not updated for packages in karmic

[Adrian Custer]

Hey Julián,

Thanks for doing that work. I have not had time to read your edits on
doc.ubuntu.com in detail yet, but want to add an issue worth mentioning
in these pages.

If one tries to create a second branch on the DIT, openldap wants to
store that in a separate backend. If we want to do this next to the
initial backend, on /var/lib/ldap2/ for example, then apparmor kicks in
to block slapd from writing to a directory it has not been authorized to
hit. The error message generated by openldap does not prove very helpful
---I was only saved by finding a message on the subject on the web.

It would be useful to mention that apparmour might become an issue for
any expansion of the DIT to a second backend. It would also be elegant
to explain how to modify apparmour correctly to allow this second
backend but that's getting far afield so I could understand mentioning
the issue and moving on. I personally hacked my apparmour quick and
dirty but am not working on a production server.

cheers, --adrian

-- 
openldap sections in ubuntu server guide not updated for packages in karmic
https://bugs.launchpad.net/bugs/463684
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.