Re: slapd 2.2.24 will not start as non root user
> Does ldap://XXXXX.XXXXXXXX.XXX have a port >= 1024 at the end ?
Nope
>
> If default of 389, must be root to listen.
Interesting....
ps -ef |grep slapd
ldap 30749 1 0 10:23 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXX02.XXXXXX.org ldaps://XXXX02.XXXXXX.org
netstat -anlp|grep slapd
tcp 0 0 192.168.1.36:389 0.0.0.0:* LISTEN 30749/slapd
tcp 0 0 192.168.1.36:636 0.0.0.0:* LISTEN 30749/slapd
This is with version 2.4.13, which as you can see is running as user ldap
and bound to 2 ports < 1024.
This is from the test box which I was using to compile 2.4.24, now running
2.4.23:
/opt/openldap/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Feb 28 2011 16:00:12) $
root@rangers:/usr/local/src/openldap-2.4.23/servers/slapd
10:26:38 rangers:$ ps -ef |grep slapd
ldap 1086 1 0 Feb28 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXXXX.XXXXX.XXXXXX.org
netstat -anlp|grep slapd
tcp 0 0 192.168.1.124:389 0.0.0.0:* LISTEN 1086/slapd
So slapd is able to start and bind to the port. I thought this used a
mechanism like that of Apache whereby the daemon starts as root and then
binds to the ports, then drops the privileges to the non-root user, or am
I missing something?
Cheers
Iain
>
> Cheers
> Brett
>
> On Fri, Feb 25, 2011 at 2:25 AM, Iain M Conochie <iain@shihad.org> wrote:
>
>> Good Afternoon,
>>
>> I am attempting to upgrade my openldap 2.4.x installation to the latest
>> release 2.4.24. I am compiling from source. I can start slapd as the
>> root user but I am unable to start as a non-root user (e.g. ldap). I am
>> receiving the following error message:
>>
>> /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXXX.XXXXXXXX.XXX
>> slapd: sbind.c:76: ldap_simple_bind: Assertion `( (ld)->ld_options.ldo_valid == 0x2 )' failed.
>> Aborted
>>
>
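
The bind-then-drop pattern Iain describes above (start as root, bind the privileged port, then switch to the unprivileged account), written out as an added C example; it is not OpenLDAP's code and not part of the original message. The function names, the loopback address and the uid/gid 389 for the ldap account are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() in strict ISO C modes */
#endif
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = 1, DROP_FAILED = -1 };

/* Bind and listen on ip:port; returns the socket fd, or -1 on error.
 * Ports below 1024 normally need root (or CAP_NET_BIND_SERVICE on Linux). */
int bind_listener(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up root for good. Order matters: supplementary groups, then gid,
 * then uid, because after setuid() the process may no longer change groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return DROP_FAILED;   /* that is not a drop */
    if (geteuid() != 0) return DROP_NOT_ROOT;       /* nothing to give up */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;
    /* Regaining root must now fail; if it succeeds the drop did not stick. */
    return (setuid(0) == 0 || seteuid(0) == 0) ? DROP_FAILED : DROP_OK;
}

int main(void)
{
    int fd = bind_listener("127.0.0.1", 389);       /* while still privileged */
    if (fd < 0) { fprintf(stderr, "cannot bind port 389 (not root?)\n"); return 1; }
    int rc = drop_privileges(389, 389);  /* assumed uid/gid for an "ldap" account */
    printf("fd=%d still open, drop rc=%d, euid=%d\n", fd, rc, (int)geteuid());
    return rc == DROP_FAILED;
}
```

The listening socket stays usable after the drop because the privilege check happens at bind() time, which matches the ps and netstat output above showing user ldap holding ports 389 and 636.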