Re: slapd.conf permission denied
Hi Robert,
+++ Robert Fitzpatrick [Sat, Apr 03, 2004 at 11:27:11PM CEST]:
> I can only start slapd as user root, it used to work as ldap, but for a
> couple of weeks, this has been a problem - not sure what I've done, been
It's always a good idea to write down the configuration changes if
you are trying some new stuff (man script)
> trying to get SASL, etc. going. I'm running 2.1.29 on FreeBSD-5.2.1 and
> although my configuration files, database dir and all are owned by the
> ldap user, this is what I get:
>
> connections_destroy: nothing to destroy.
> Apr 3 16:31:16 esmtp slapd[5070]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
> Apr 3 16:31:16 esmtp slapd[5070]: could not open config file "/usr/local/etc/openldap/slapd.conf": Permission denied (13)
> Apr 3 16:31:16 esmtp slapd[5070]: slapd shutdown: freeing system resources.
> Apr 3 16:31:16 esmtp slapd[5070]: slapd stopped.
> Apr 3 16:31:16 esmtp slapd[5070]: connections_destroy: nothing to destroy.
>
> esmtp# ls -la /usr/local/etc/openldap
> total 2590
> drw-r--r-- 6 ldap ldap 512 Apr 3 16:12 .
> drwxr-xr-x 22 root wheel 1536 Mar 30 13:48 ..
> drwxr-xr-x 2 ldap ldap 512 Jan 21 17:25 certs
> -rw-r--r-- 1 ldap ldap 7023 Feb 26 22:51 ldap.conf
> drwxr-xr-x 3 ldap ldap 1024 Apr 3 16:12 schema
> -rw------- 1 ldap ldap 4857 Apr 3 16:30 slapd.conf
Give the group ldap read permissions on slapd.conf.
> esmtp# ls -la /var/run/openldap
> total 8
> drwxr-xr-x 2 ldap ldap 512 Apr 3 16:32 .
> drwxr-xr-x 6 root wheel 512 Apr 3 16:08 ..
> srwx------ 1 root ldap 0 Apr 3 16:30 ldapi
> -rw-r--r-- 1 root ldap 48 Apr 3 16:32 slapd.args
> -rw-r--r-- 1 root ldap 5 Apr 3 16:32 slapd.pid
slapd.pid is useless if only root can write to it and your slapd is
running under another uid. Change the owner or adjust the
permissions too.
> esmtp# ls -la /home/openldap-data
> total 6488
> drwxr-xr-x 2 ldap ldap 512 Jan 21 17:35 .
> drwxr-xr-x 11 root wheel 512 Mar 13 15:42 ..
> -rw------- 1 ldap ldap 8192 Apr 3 16:35 __db.001
> -rw------- 1 ldap ldap 270336 Apr 3 16:35 __db.002
> -rw------- 1 ldap ldap 98304 Apr 3 16:33 __db.003
> -rw------- 1 ldap ldap 368640 Apr 3 16:35 __db.004
> -rw------- 1 ldap ldap 16384 Apr 3 16:33 __db.005
> -rw------- 1 ldap ldap 167936 Apr 3 16:32 cn.bdb
> -rw------- 1 ldap ldap 102400 Apr 3 16:32 dn2id.bdb
> -rw------- 1 ldap ldap 20480 Mar 23 00:01 gidNumber.bdb
> -rw------- 1 ldap ldap 86016 Mar 22 17:46 givenName.bdb
> -rw------- 1 ldap ldap 360448 Apr 3 16:32 id2entry.bdb
> -rw------- 1 ldap ldap 4796333 Apr 3 16:33 log.0000000001
> -rw------- 1 ldap ldap 180224 Apr 3 16:32 mail.bdb
> -rw------- 1 ldap ldap 20480 Mar 22 17:59 memberUid.bdb
> -rw------- 1 ldap ldap 40960 Apr 3 16:32 objectClass.bdb
> -rw------- 1 ldap ldap 90112 Apr 3 16:32 sn.bdb
> -rw------- 1 ldap ldap 20480 Apr 3 16:33 uid.bdb
> -rw------- 1 ldap ldap 20480 Mar 22 20:09 uidNumber.bdb
>
> What else can cause this error?
If the new permissions didn't solve your problem, use ktrace and
kdump to determine the root cause. You will be able to see the file
which is responsible for the permission denied message...
Regards
Frank
--
Things that are unlikeable, are NOT impossible.
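
A diagnostic for the failure in this thread, as an added example that is not part of the original message: opening a file needs search (x) permission on every directory in its path, and the quoted listing shows /usr/local/etc/openldap itself as drw-r--r--. The function name first_blocker and the script layout are hypothetical; it walks a path and prints the first component the named user cannot pass.

```shell
#!/bin/sh
# Added example, not from the thread. Walks PATH one component at a time and
# prints the first component USER cannot pass: a directory without search (x)
# or a final file without read (r). Judged from `ls -ld` mode bits only, so
# root gets the same answer; ACLs, MAC policy and symlink targets are ignored.
# Assumed invocation: sh thisscript ldap /usr/local/etc/openldap/slapd.conf
first_blocker() {   # usage: first_blocker USER PATH ; returns 1 if blocked
    user=$1 rest=$2
    groups=" $(id -Gn "$user" 2>/dev/null) "
    case $rest in /*) cur="" rest=${rest#/} ;; *) cur="." ;; esac
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        read -r mode _links owner group _rest <<EOF
$(ls -ld "$cur" 2>/dev/null)
EOF
        [ -n "$mode" ] || { echo "$cur cannot-stat"; return 1; }
        # Pick the permission triplet that applies to USER: owner, group, other.
        if [ "$owner" = "$user" ]; then first=2
        else case $groups in *" $group "*) first=5 ;; *) first=8 ;; esac
        fi
        bits=$(printf '%s' "$mode" | cut -c"$first"-$((first + 2)))
        case $mode in
            d*) case $bits in ??[xst]) continue ;; esac; need=search ;;
            *)  case $bits in r??) continue ;; esac; need=read ;;
        esac
        echo "$cur $mode $owner:$group lacks-$need"
        return 1
    done
    return 0
}

if [ $# -eq 2 ]; then first_blocker "$1" "$2"; fi
```
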