On 2/7/20 14:18, Ryan Tandy wrote:
Have you checked (via e.g. dmesg) whether it's AppArmor getting in your way? The apparmor profile for slapd might need saslauthd socket added.
Thanks for pointing this out, I had a feeling I was just missing something simple and it does look like it is AppArmor related:
[3286126.294693] audit: type=1400 audit(1581111901.079:31863): apparmor="DENIED" operation="connect" namespace="root//lxd-bllldap01_<var-lib-lxd>" profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=37876 comm="slapd" requested_mask="wr" denied_mask="wr" fsuid=100111 ouid=100000
Note that I have deployed slapd inside an LXD container so I'm not sure if this affects if/how AppArmor needs to be modified. I'm currently playing around with my container settings to try and give slapd the proper permissions.
Please file a bug in Launchpad if that turns out to be the case.
I went to https://launchpad.net/openldap but the "Report a bug" link is grayed out. I've not submitted anything before so any guidance would be appreciated.