Re: slapd.conf permission denied
Sat, 03.04.2004 at 23:27, Robert Fitzpatrick wrote:
> I can only start slapd as user root, it used to work as ldap, but for a
> couple of weeks, this has been a problem - not sure what I've done, been
> trying to get SASL, etc. going. I'm running 2.1.29 on FreeBSD-5.2.1 and
> although my configuration files, database dir and all are owned by the
> ldap user, this is what I get:
>
> connections_destroy: nothing to destroy.
> Apr 3 16:31:16 esmtp slapd[5070]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
> Apr 3 16:31:16 esmtp slapd[5070]: could not open config file "/usr/local/etc/openldap/slapd.conf": Permission denied (13)
> Apr 3 16:31:16 esmtp slapd[5070]: slapd shutdown: freeing system resources.
> Apr 3 16:31:16 esmtp slapd[5070]: slapd stopped.
> Apr 3 16:31:16 esmtp slapd[5070]: connections_destroy: nothing to destroy.
>
> esmtp# ls -la /usr/local/etc/openldap
> total 2590
> drw-r--r-- 6 ldap ldap 512 Apr 3 16:12 .
> drwxr-xr-x 22 root wheel 1536 Mar 30 13:48 ..
> drwxr-xr-x 2 ldap ldap 512 Jan 21 17:25 certs
> -rw-r--r-- 1 ldap ldap 7023 Feb 26 22:51 ldap.conf
> drwxr-xr-x 3 ldap ldap 1024 Apr 3 16:12 schema
> -rw------- 1 ldap ldap 4857 Apr 3 16:30 slapd.conf
Who is the owner of, and what are the permissions on,
/usr/local/etc/openldap? Owner should be ldap.
> esmtp# ls -la /var/run/openldap
> total 8
> drwxr-xr-x 2 ldap ldap 512 Apr 3 16:32 .
> drwxr-xr-x 6 root wheel 512 Apr 3 16:08 ..
> srwx------ 1 root ldap 0 Apr 3 16:30 ldapi
> -rw-r--r-- 1 root ldap 48 Apr 3 16:32 slapd.args
> -rw-r--r-- 1 root ldap 5 Apr 3 16:32 slapd.pid
Not your problem, but if you really are using ldapi (I use it for
everything I can) the perms on ldapi are useless, even if the owner is
ldap. They should be world writable (yuk). When you've solved your
problem, start slapd ldapi for uid ldap with 'umask 0;slapd
ldapi://%2Fusr%2Flocal%2Fvar%2Fldapi/????x-mod=0777'
> esmtp# ls -la /home/openldap-data
> total 6488
> drwxr-xr-x 2 ldap ldap 512 Jan 21 17:35 .
> drwxr-xr-x 11 root wheel 512 Mar 13 15:42 ..
> -rw------- 1 ldap ldap 8192 Apr 3 16:35 __db.001
> -rw------- 1 ldap ldap 270336 Apr 3 16:35 __db.002
> -rw------- 1 ldap ldap 98304 Apr 3 16:33 __db.003
> -rw------- 1 ldap ldap 368640 Apr 3 16:35 __db.004
> -rw------- 1 ldap ldap 16384 Apr 3 16:33 __db.005
> -rw------- 1 ldap ldap 167936 Apr 3 16:32 cn.bdb
> -rw------- 1 ldap ldap 102400 Apr 3 16:32 dn2id.bdb
> -rw------- 1 ldap ldap 20480 Mar 23 00:01 gidNumber.bdb
> -rw------- 1 ldap ldap 86016 Mar 22 17:46 givenName.bdb
> -rw------- 1 ldap ldap 360448 Apr 3 16:32 id2entry.bdb
> -rw------- 1 ldap ldap 4796333 Apr 3 16:33 log.0000000001
> -rw------- 1 ldap ldap 180224 Apr 3 16:32 mail.bdb
> -rw------- 1 ldap ldap 20480 Mar 22 17:59 memberUid.bdb
> -rw------- 1 ldap ldap 40960 Apr 3 16:32 objectClass.bdb
> -rw------- 1 ldap ldap 90112 Apr 3 16:32 sn.bdb
> -rw------- 1 ldap ldap 20480 Apr 3 16:33 uid.bdb
> -rw------- 1 ldap ldap 20480 Mar 22 20:09 uidNumber.bdb
Again, make sure the ownership and perms on /home/openldap-data are
correct.
--Tonni
--
mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
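
Added example, not part of the original message: a Python check that walks each component of a path and reports the first one whose mode bits deny a given uid. In the listing quoted above, the `.` entry for /usr/local/etc/openldap is `drw-r--r--`, a directory without the search (x) bit. The function names and the `start` parameter are assumptions of this example.

```python
import os
import pwd
import stat
import sys


def class_bits(st, uid, gids):
    """rwx triplet (0-7) the kernel applies to this uid/gid set (mode bits only)."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def first_blocker(path, uid, gids, start="/"):
    """Return (component, missing_right, mode_string) for the first component
    below `start` that denies uid/gids, or None if the file is readable.
    ACLs, MAC policy and root's override are not modelled."""
    start = os.path.abspath(start)
    parts = os.path.relpath(os.path.abspath(path), start).split(os.sep)
    if parts[0] == os.pardir:
        raise ValueError("path is not below start")
    current = start
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)  # run as root so deeper components can be stat'ed
        is_last = i == len(parts) - 1
        # Directories on the way need search (x=1); the file itself needs read (r=4).
        need, name = (4, "read") if is_last else (1, "search (x)")
        if not class_bits(st, uid, gids) & need:
            return current, name, stat.filemode(st.st_mode)
    return None


if __name__ == "__main__":
    # Usage: script.py <path> <user>
    # e.g. the slapd.conf path and the ldap user from the thread (constructed invocation)
    target, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    hit = first_blocker(target, pw.pw_uid, gids)
    if hit is None:
        print("no mode-bit blocker found")
    else:
        print("%s lacks %s for %s: %s" % (hit[0], hit[1], user, hit[2]))
```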