
Re: slapd.conf permission denied



Sat, 03.04.2004 at 23:27, Robert Fitzpatrick wrote:

> I can only start slapd as user root, it used to work as ldap, but for a
> couple of weeks, this has been a problem - not sure what I've done, been
> trying to get SASL, etc. going. I'm running 2.1.29 on FreeBSD-5.2.1 and
> although my configuration files, database dir and all are owned by the
> ldap user, this is what I get:
> 
> connections_destroy: nothing to destroy. 
> Apr  3 16:31:16 esmtp slapd[5070]: bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002) 
> Apr  3 16:31:16 esmtp slapd[5070]: could not open config file "/usr/local/etc/openldap/slapd.conf": Permission denied (13) 
> Apr  3 16:31:16 esmtp slapd[5070]: slapd shutdown: freeing system resources. 
> Apr  3 16:31:16 esmtp slapd[5070]: slapd stopped. 
> Apr  3 16:31:16 esmtp slapd[5070]: connections_destroy: nothing to destroy. 
> 
> esmtp# ls -la /usr/local/etc/openldap
> total 2590
> drw-r--r--   6 ldap  ldap       512 Apr  3 16:12 .
> drwxr-xr-x  22 root  wheel     1536 Mar 30 13:48 ..
> drwxr-xr-x   2 ldap  ldap       512 Jan 21 17:25 certs
> -rw-r--r--   1 ldap  ldap      7023 Feb 26 22:51 ldap.conf
> drwxr-xr-x   3 ldap  ldap      1024 Apr  3 16:12 schema
> -rw-------   1 ldap  ldap      4857 Apr  3 16:30 slapd.conf

Who is the owner of, and what are the permissions on,
/usr/local/etc/openldap? Owner should be ldap.


> esmtp# ls -la /var/run/openldap
> total 8
> drwxr-xr-x  2 ldap  ldap   512 Apr  3 16:32 .
> drwxr-xr-x  6 root  wheel  512 Apr  3 16:08 ..
> srwx------  1 root  ldap     0 Apr  3 16:30 ldapi
> -rw-r--r--  1 root  ldap    48 Apr  3 16:32 slapd.args
> -rw-r--r--  1 root  ldap     5 Apr  3 16:32 slapd.pid

Not your problem, but if you really are using ldapi (I use it for
everything I can) the perms on ldapi are useless, even if the owner is
ldap. They should be world writable (yuk). When you've solved your
problem, start slapd ldapi for uid ldap with 'umask 0;slapd
ldapi://%2Fusr%2Flocal%2Fvar%2Fldapi/????x-mod=0777'

> esmtp# ls -la /home/openldap-data
> total 6488
> drwxr-xr-x   2 ldap  ldap       512 Jan 21 17:35 .
> drwxr-xr-x  11 root  wheel      512 Mar 13 15:42 ..
> -rw-------   1 ldap  ldap      8192 Apr  3 16:35 __db.001
> -rw-------   1 ldap  ldap    270336 Apr  3 16:35 __db.002
> -rw-------   1 ldap  ldap     98304 Apr  3 16:33 __db.003
> -rw-------   1 ldap  ldap    368640 Apr  3 16:35 __db.004
> -rw-------   1 ldap  ldap     16384 Apr  3 16:33 __db.005
> -rw-------   1 ldap  ldap    167936 Apr  3 16:32 cn.bdb
> -rw-------   1 ldap  ldap    102400 Apr  3 16:32 dn2id.bdb
> -rw-------   1 ldap  ldap     20480 Mar 23 00:01 gidNumber.bdb
> -rw-------   1 ldap  ldap     86016 Mar 22 17:46 givenName.bdb
> -rw-------   1 ldap  ldap    360448 Apr  3 16:32 id2entry.bdb
> -rw-------   1 ldap  ldap   4796333 Apr  3 16:33 log.0000000001
> -rw-------   1 ldap  ldap    180224 Apr  3 16:32 mail.bdb
> -rw-------   1 ldap  ldap     20480 Mar 22 17:59 memberUid.bdb
> -rw-------   1 ldap  ldap     40960 Apr  3 16:32 objectClass.bdb
> -rw-------   1 ldap  ldap     90112 Apr  3 16:32 sn.bdb
> -rw-------   1 ldap  ldap     20480 Apr  3 16:33 uid.bdb
> -rw-------   1 ldap  ldap     20480 Mar 22 20:09 uidNumber.bdb

Again, make sure the ownership and perms on /home/openldap-data are
correct.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl
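An added diagnostic, not part of this thread: a POSIX sh function that walks every directory component above a file and reports those whose owner lacks the search (x) bit. That is what the quoted listing of /usr/local/etc/openldap shows (drw-r--r--), and a missing search bit on any parent directory yields "Permission denied" on a file the user itself owns. The command-line usage and the temp-directory tree it is exercised against are assumptions of this example.

```sh
#!/bin/sh
# Report directory components above $1 whose owner lacks the search (x) bit.
# Reads the mode string from `ls -ld` so it behaves the same on FreeBSD and
# Linux and does not depend on which uid runs the check (root would pass
# `test -x` on anything, which hides exactly this problem).
missing_search_bits() {
    target=$1
    # Normalise to an absolute path so the walk ends cleanly at "/".
    case $target in
        /*) ;;
        *) target=$(pwd)/$target ;;
    esac
    dir=$(dirname "$target")
    result=""
    while [ "$dir" != "/" ]; do
        mode=$(ls -ld "$dir" | cut -c1-10)
        # The owner's search bit is the 4th character: x, or s when setuid.
        case $(printf '%s' "$mode" | cut -c4) in
            x|s) ;;
            *) result="$dir $mode
$result" ;;
        esac
        dir=$(dirname "$dir")
    done
    # One "path mode" line per offending directory; empty means all is well.
    printf '%s' "$result"
}

# Constructed demo tree (assumed layout mirroring the quoted listing):
# a directory with mode 644 holding a 600 config file.
demo_missing_bits() {
    t=$(mktemp -d)
    mkdir "$t/openldap"
    : > "$t/openldap/slapd.conf"
    chmod 600 "$t/openldap/slapd.conf"
    chmod 644 "$t/openldap"          # the broken state: no x on the directory
    out=$(missing_search_bits "$t/openldap/slapd.conf")
    chmod 755 "$t/openldap"          # restore so the tree can be removed
    rm -rf "$t"
    printf '%s' "$out"
}

# Usage: sh check_search_bits.sh /usr/local/etc/openldap/slapd.conf
if [ $# -gt 0 ]; then
    missing_search_bits "$1"
fi
```

Each reported line names a directory that needs `chmod u+x` (or 755 for a config directory) before the owning user can reach files inside it.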