
openLDAP + chroot + non privileged user : error



Hello,
I've installed an LDAP server, but I cannot launch it with both a chroot jail and an unprivileged user.


This command works: /usr/local/openldap/libexec/slapd -r /chroot/ldap -d 255

But the following one doesn't:
DebServ1:/chroot/ldap# /usr/local/openldap/libexec/slapd -r /chroot/ldap -u ldap -d 255
@(#) $OpenLDAP: slapd 2.3.23 (May 20 2006 11:05:14) $
root@DebServ1:/tmp/openldap-2.3.23/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
No passwd entry for user ldap


I don't understand which file/program is missing in the chroot jail.
Can anyone help?

Thanks,
Fabien Agranier
Supinfo

-------------------------------------------------------
My searches
-------------------------------------------------------
I've tried to add the files passwd, group and shadow to my chroot jail (/chroot/ldap/etc/), but it doesn't change anything.
I also tried to add /etc, /usr/bin, /usr/sbin, /bin and /sbin to the chroot jail... same result!


I figured out that the error is raised by servers/slapd/user.c (line 75), which tests the return value of getpwnam().
To my mind, the source code of the getpwnam function could help to find what is missing, but I didn't find the source, and the man page seems to say that only the /etc/passwd file is read...


I've found similar problems without a response at:
http://www.openldap.org/lists/openldap-software/200112/msg00295.html
http://lists.debian.org/debian-isp/2004/03/msg00169.html
-------------------------------------------------------

-------------------------------------------------------
Here is my installation script
-------------------------------------------------------
# Chroot jail
mkdir /chroot/ldap
groupadd ldap
useradd -c "LDAP Daemon User" -g ldap -s /bin/false -d /chroot/ldap ldap
mkdir -p /chroot/ldap/dev /chroot/ldap/etc /chroot/ldap/var/run
chown -R ldap:ldap /chroot/ldap
chmod -R 700 /chroot/ldap
mknod /chroot/ldap/dev/null c 1 3
mknod /chroot/ldap/dev/random c 1 8
chmod 666 /chroot/ldap/dev/null /chroot/ldap/dev/random
cp /etc/localtime /chroot/ldap/etc/

# Installation
./configure --prefix=/usr/local/openldap --with-ssl --with-tls --enable-wrappers --enable-hdb --enable-ldbm --with-cyrus-sasl --enable-spasswd --enable-slurpd --sysconfdir=/etc --localstatedir=/var
make depend
make
make install


# Copy of installed needed files to chroot jail
mv /etc/openldap /chroot/ldap/etc/
mv /var/openldap* /chroot/ldap/var/
chown -R ldap:ldap /chroot/ldap/etc/openldap /chroot/ldap/var/
chmod -R 700 /chroot/ldap/etc/openldap /chroot/ldap/var/

-----------------------------------------------------------------------
Extracts of my configuration file /chroot/ldap/etc/openldap/slapd.conf
-----------------------------------------------------------------------
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/qmail.schema

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

directory       /var/openldap-data
-----------------------------------------------------------------------

Thanks !!
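An added check script, not part of the original post or of OpenLDAP, for the situation described above: on a glibc system getpwnam() does not read /etc/passwd directly but goes through NSS, so it needs /etc/nsswitch.conf and the libnss_files.so.2 module in addition to /etc/passwd and /etc/group, and once slapd has called chroot() all of those are looked up inside the jail. The function below lists which of those prerequisites a jail is missing for a given user name; the jail path and user name are its arguments, and it assumes the usual etc/ and lib*/ layout inside the jail.

```shell
#!/bin/sh
# check_chroot_nss JAIL USER
# Reports which files glibc's NSS "files" backend needs inside JAIL in order
# to resolve USER with getpwnam(), and returns the number of missing items
# (0 means the lookup has everything it needs inside the jail).
check_chroot_nss() {
    jail="$1"
    user="$2"
    missing=0

    # Plain files read by the "files" NSS backend and by NSS itself.
    for f in etc/passwd etc/group etc/nsswitch.conf; do
        if [ ! -f "$jail/$f" ]; then
            echo "missing: $jail/$f"
            missing=$((missing + 1))
        fi
    done

    # The NSS module is dlopen()ed at lookup time; it may sit in lib, lib64
    # or a multiarch directory below usr/lib, so search all of them.
    if [ -z "$(find "$jail/lib" "$jail/lib64" "$jail/usr/lib" \
                -name 'libnss_files.so.2' 2>/dev/null)" ]; then
        echo "missing: libnss_files.so.2 under $jail/{lib,lib64,usr/lib}"
        missing=$((missing + 1))
    fi

    # The user must actually be listed in the jail's own passwd file;
    # the host's /etc/passwd is invisible after chroot().
    if ! grep -q "^$user:" "$jail/etc/passwd" 2>/dev/null; then
        echo "missing: entry for user '$user' in $jail/etc/passwd"
        missing=$((missing + 1))
    fi

    return "$missing"
}

# Run directly as "sh check_chroot_nss.sh /chroot/ldap ldap" (hypothetical
# file name) to audit a jail; no action is taken when no arguments are given.
if [ "$#" -ge 2 ]; then
    check_chroot_nss "$1" "$2"
fi
```

The jail's passwd and group files only need the entries slapd will look up, which keeps the host's account list out of the jail; copying the whole /etc into it, as tried above, gives the jailed process far more than it needs.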