
Re: slapd 2.2.24 will not start as non root user



On Tuesday, 1 March 2011 17:47:55 Iain M Conochie wrote:
> On 01/03/2011 15:40, Quanah Gibson-Mount wrote:
> > --On Tuesday, March 01, 2011 1:30 PM +0000 Iain M Conochie <iain@shihad.org> wrote:
> >> Well - I have managed to get 2.4.23 working starting as root and
> >> using the -g and -u options to actually run as user ldap. 2.4.24
> >> was NOT able to do that giving the error above. Since I have a
> >> working version now I am pretty happy.
> >> 
> >> However the error that 2.4.24 gives seems bizarre. I can do more testing
> >> on this if you want further info; perhaps slapd is unable to find the
> >> user ldap?
> > 
> > Use slapd -d -1 -u ldap -g ldap
> > 
> > on OpenLDAP 2.4.24, and see what it reports.  It should certainly work
> > with 2.4.24 as well as 2.4.23.
> 
> OK. I think I have found the issue.
> 
> These servers use ldap for authentication. When I remove the local
> /etc/ldap.conf file 2.4.24 starts fine as user ldap. When I have the
> local /etc/ldap.conf file slapd 2.4.24 refuses to start. So it looks
> like slapd 2.4.24 is unable to find the ldap user when ldap
> authentication is in effect.

ldap user enumeration. I doubt this is related to any actual authentication.

> 
> Now this user is local to the machine (i.e. has an entry in /etc/passwd
> etc) and is not in the ldap directory (hence slapd can start without
> the ldap authentication).

No problems here:

[root@tiger ~]# /etc/init.d/ldap status
slapd (pid 21317) is running...
[root@tiger ~]# getent passwd bgmilne
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
[root@tiger ~]# /etc/init.d/ldap stop
Stopping slapd:                                                      [  OK  ]
[root@tiger ~]# getent passwd bgmilne
[root@tiger ~]# slapd -VV
@(#) $OpenLDAP: slapd 2.4.24 (Feb 28 2011 12:58:04) $
        bgmilne@tiger.ranger.dnsalias.com:/home/bgmilne/rpm/BUILD/openldap-2.4.24/servers/slapd

[root@tiger ~]# /etc/init.d/ldap start
Starting slapd (ldap + ldaps):                                       [  OK  ]
[root@tiger ~]# 


> As I say 2.4.23 seems fine so we are going with this.

You may want to have a look at the changelog first ...

BTW, your subject is misleading, I have no interest in OpenLDAP 2.2.x, so I
didn't pay much attention until now ...

Regards,
Buchan
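
Added example, not part of the original message or of OpenLDAP: a pre-start check for the setup discussed in this thread, where slapd drops privileges with -u/-g on a host that also resolves accounts through LDAP. It verifies that the run-as user and group have local entries and that local files are consulted before ldap for the passwd and group databases. The function names are hypothetical, a glibc-style nsswitch.conf is assumed, and passing the check does not prove slapd will start.

```shell
#!/bin/sh
# Added example: preconditions for running slapd as a local service account
# on a host that also uses LDAP for account lookups. All function names are
# hypothetical. The directory holding passwd, group and nsswitch.conf is a
# parameter so the check can be run against copies.

# Print the sources configured for one NSS database (e.g. passwd), one per
# line, skipping comments and [STATUS=action] items.
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }
    ' "${2:-/etc/nsswitch.conf}"
}

# Succeed if NAME is the first field of some line in a passwd/group style file.
has_local_entry() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# check_run_as USER GROUP [ETC_DIR]
# Returns 0 when both names exist locally and files (or compat) come before
# ldap for passwd and group; otherwise prints the reason and returns 1.
check_run_as() {
    user=$1; group=$2; etc=${3:-/etc}
    has_local_entry "$user" "$etc/passwd" ||
        { echo "user $user has no entry in $etc/passwd"; return 1; }
    has_local_entry "$group" "$etc/group" ||
        { echo "group $group has no entry in $etc/group"; return 1; }
    for db in passwd group; do
        first=$(nss_sources "$db" "$etc/nsswitch.conf" |
                grep -x -e files -e compat -e ldap | head -n 1)
        case $first in
            files|compat) ;;
            *) echo "$db: local files are not consulted before ldap"
               return 1 ;;
        esac
    done
    echo "ok: $user:$group have local entries and files precede ldap"
}

# Typical use on the server itself, before starting slapd -u ldap -g ldap:
#   check_run_as ldap ldap
```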