Problems with gconfd and orbit + LDAP / SSL/TLS and temporary files in /tmp

Erling Ringen Elvsrud systemansvarlig at vagaungdomsskule.no
Wed Aug 9 08:23:32 UTC 2006


On Tue, 08.08.2006 at 12:28 (+0200), Erling Ringen Elvsrud wrote:
[...]
> I can successfully log in on the Dapper workstation.
> getent passwd and getent group return all users and groups
> in /etc/password /etc/group as well as the users in the directory.
> 
> When SSL is disabled everything works well. If I enable SSL/TLS (in
> slapd.conf on the server) as well
> as /etc/pam_ldap.conf, /etc/ldap/ldap.conf and /etc/libnss_ldap.conf
> with ssl start_tls and TLS_CACERT /etc/ssl/certs/cacert.pem, only one
> (the first) user can log in successfully.
> 
> It seems like orbit and gconf have problems getting information about
> users and groups because the orbit-<username> and gconfd-<username>
> directories in /tmp are called orbit-somebody and gconfd-somebody
> instead. This becomes a problem when the first user logs out and the
> second tries to log in as those directories are owned by the first
> user. 
[...]

Problem solved!

The error was that the certificate of the server
in /etc/ssl/certs/cacert.pem was not world readable so regular users
were unable to use SSL. I used "strace -e trace=file id" to debug the
problem (when logged in as a non-privileged user).

Another example of how useful strace is to debug configuration mistakes
like this!

Erling
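
A check for the misconfiguration described above, as an added example that is not part of the original post: it reads the CA certificate path from each LDAP client config file the post names and verifies from the mode bits that unprivileged users can reach and read it. The function names are hypothetical, `tls_cacertfile` is the pam_ldap/libnss_ldap spelling of the option (the post only shows `TLS_CACERT`), and ACLs are assumed not to be in use.

```shell
#!/bin/sh
# Added example: verify that the CA certificate named in an LDAP client
# config is usable by unprivileged users (mode bits only, ACLs ignored).

# Print the CA file path from TLS_CACERT (ldap.conf) or tls_cacertfile
# (pam_ldap / libnss_ldap) found in config file $1.
cacert_path() {
    awk 'tolower($1) == "tls_cacert" || tolower($1) == "tls_cacertfile" { print $2; exit }' "$1"
}

# Succeed if "other" has the read bit on file $1 (symlinks followed).
# Mode bits are parsed instead of using "test -r" so the answer is the
# same when the script itself runs as root.
other_can_read() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c8)" = "r" ]
}

# Succeed if "other" may traverse directory $1 ("t" = sticky plus x).
other_can_search() {
    case "$(ls -ldL "$1" 2>/dev/null | cut -c10)" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# Check config file $1: the CA file must be world-readable and every
# parent directory world-searchable. Returns 0 if OK, 1 otherwise.
check_conf() {
    ca=$(cacert_path "$1")
    [ -n "$ca" ] || { echo "$1: no CA certificate option found"; return 1; }
    other_can_read "$ca" || { echo "$1: $ca is missing or not world-readable"; return 1; }
    dir=$(dirname "$ca")
    while :; do
        other_can_search "$dir" || { echo "$1: $dir is not world-searchable"; return 1; }
        case "$dir" in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    echo "$1: $ca OK"
}

# Config files named in the post; skipped when absent on this host.
for f in /etc/ldap/ldap.conf /etc/pam_ldap.conf /etc/libnss_ldap.conf; do
    if [ -f "$f" ]; then check_conf "$f" || true; fi
done
```

A CA certificate is public material, so mode 644 is appropriate for it; the server's private key is a separate file and should stay unreadable to regular users.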




