Re: slapd 2.2.24 will not start as non root user
On Tuesday, 1 March 2011 17:47:55 Iain M Conochie wrote:
> On 01/03/2011 15:40, Quanah Gibson-Mount wrote:
> > --On Tuesday, March 01, 2011 1:30 PM +0000 Iain M Conochie <iain@shihad.org> wrote:
> >> Well - I have managed to get 2.4.23 working starting as root and using the
> >> -g and -u options to actually run as user ldap. 2.4.24 was NOT able to do
> >> that giving the error above. Since I have a working version now I am
> >> pretty happy.
> >>
> >> However the error that 2.4.24 gives seems bizarre. I can do more testing
> >> on this if you want further info; perhaps slapd is unable to find the user
> >> ldap?
> >
> > Use slapd -d -1 -u ldap -g ldap
> >
> > on OpenLDAP 2.4.24, and see what it reports. It should certainly work
> > with 2.4.24 as well as 2.4.23.
>
> OK. I think I have found the issue.
>
> These servers use ldap for authentication. When I remove the local
> /etc/ldap.conf file 2.4.24 starts fine as user ldap. When I have the
> local /etc/ldap.conf file slapd 2.4.24 refuses to start. So it looks
> like slapd 2.4.24 is unable to find the ldap user when ldap
> authentication is in effect.
ldap user enumeration. I doubt this is related to any actual authentication.
>
> Now this user is local to the machine (i.e. has an entry in /etc/passwd
> etc) and is not in the ldap directory (hence slapd can start without
> the ldap authentication).
No problems here:
[root@tiger ~]# /etc/init.d/ldap status
slapd (pid 21317) is running...
[root@tiger ~]# getent passwd bgmilne
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
[root@tiger ~]# /etc/init.d/ldap stop
Stopping slapd: [ OK ]
[root@tiger ~]# getent passwd bgmilne
[root@tiger ~]# slapd -VV
@(#) $OpenLDAP: slapd 2.4.24 (Feb 28 2011 12:58:04) $
bgmilne@tiger.ranger.dnsalias.com:/home/bgmilne/rpm/BUILD/openldap-2.4.24/servers/slapd
[root@tiger ~]# /etc/init.d/ldap start
Starting slapd (ldap + ldaps): [ OK ]
[root@tiger ~]#
> As I say 2.4.23 seems fine so we are going with this.
You may want to have a look at the changelog first ...
BTW., your subject is misleading, I have no interest in OpenLDAP 2.2.x, so I
didn't pay much attention until now ...
Regards,
Buchan