On Tuesday, 1 March 2011 17:47:55 Iain M Conochie wrote:
On 01/03/2011 15:40, Quanah Gibson-Mount wrote:
--On Tuesday, March 01, 2011 1:30 PM +0000 Iain M Conochie <iain@shihad.org> wrote:
Well - I have managed to get 2.4.23 working starting as root and using the -g and -u options to actually run as user ldap. 2.4.24 was NOT able to do that giving the error above. Since I have a working version now I am pretty happy.
However the error that 2.4.24 gives seems bizarre. I can do more testing on this if you want further info; perhaps slapd is unable to find the user ldap?
Use slapd -d -1 -u ldap -g ldap
on OpenLDAP 2.4.24, and see what it reports. It should certainly work with 2.4.24 as well as 2.4.23.
OK. I think I have found the issue.
These servers use ldap for authentication. When I remove the local /etc/ldap.conf file 2.4.24 starts fine as user ldap. When I have the local /etc/ldap.conf file slapd 2.4.24 refuses to start. So it looks like slapd 2.4.24 is unable to find the ldap user when ldap authentication is in effect.
ldap user enumeration. I doubt this is related to any actual authentication.
Now this user is local to the machine (i.e. has an entry in /etc/passwd etc) and is not in the ldap directory. (Hence slapd can start without the ldap authentication.)
No problems here:
[root@tiger ~]# /etc/init.d/ldap status
slapd (pid 21317) is running...
[root@tiger ~]# getent passwd bgmilne
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
[root@tiger ~]# /etc/init.d/ldap stop
Stopping slapd: [ OK ]
[root@tiger ~]# getent passwd bgmilne
[root@tiger ~]# slapd -VV
@(#) $OpenLDAP: slapd 2.4.24 (Feb 28 2011 12:58:04) $
bgmilne@tiger.ranger.dnsalias.com:/home/bgmilne/rpm/BUILD/openldap-2.4.24/servers/slapd
[root@tiger ~]# /etc/init.d/ldap start
Starting slapd (ldap + ldaps): [ OK ]
[root@tiger ~]#
As I say 2.4.23 seems fine so we are going with this.
You may want to have a look at the changelog first ...
BTW, your subject is misleading, I have no interest in OpenLDAP 2.2.x, so I didn't pay much attention until now ...
Regards, Buchan
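
Added example, not part of the thread or of OpenLDAP: a pre-flight check for the case discussed above, where the account passed to slapd -u has to resolve on a host whose own user lookups go to the directory that slapd serves. It assumes a glibc-style nsswitch.conf and a passwd-format file; the function names, result labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the account given to slapd -u.
# Function names and sample files are constructed for illustration.

# Print the sources on the "passwd:" line of an nsswitch.conf, in lookup order.
passwd_sources() {
    awk '$1 == "passwd:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break          # trailing comment
            if ($i !~ /^\[/) print $i     # skip [NOTFOUND=return] style actions
        }
        exit
    }' "$1"
}

# Succeed if USER ($1) has an entry in the passwd-format file ($2).
in_passwd_file() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# check_runtime_user USER NSSWITCH_FILE PASSWD_FILE
#   ok               local entry exists and local sources are consulted first
#   not-local        no local entry: lookup depends on the directory slapd serves
#   directory-first  local entry exists, but another source is tried before it
check_runtime_user() {
    if ! in_passwd_file "$1" "$3"; then
        echo not-local; return 1
    fi
    case $(passwd_sources "$2" | head -n 1) in
        files|compat) echo ok ;;
        *) echo directory-first; return 1 ;;
    esac
}

# Demo on constructed files: sh thisfile demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    printf 'passwd: ldap [NOTFOUND=continue] files\n' > "$d/nsswitch.conf"
    printf 'root:x:0:0::/root:/bin/sh\nldap:x:55:55::/var/lib/ldap:/bin/false\n' > "$d/passwd"
    check_runtime_user ldap "$d/nsswitch.conf" "$d/passwd" || true     # directory-first
    check_runtime_user bgmilne "$d/nsswitch.conf" "$d/passwd" || true  # not-local
    rm -rf "$d"
fi
```

On a real host the arguments would be the slapd account, /etc/nsswitch.conf and /etc/passwd.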