Does ldap://XXXXX.XXXXXXXX.XXX have a port >= 1024 at the end?
Nope
If default of 389, must be root to listen.
Interesting....
ps -ef |grep slapd
ldap 30749 1 0 10:23 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXX02.XXXXXX.org ldaps://XXXX02.XXXXXX.org

netstat -anlp|grep slapd
tcp 0 0 192.168.1.36:389 0.0.0.0:* LISTEN 30749/slapd
tcp 0 0 192.168.1.36:636 0.0.0.0:* LISTEN 30749/slapd
This is with version 2.4.13, which, as you can see, is running as user ldap and bound to 2 ports < 1024.
This is from the test box which I was using to compile 2.4.24, now running 2.4.23.
/opt/openldap/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Feb 28 2011 16:00:12) $
root@rangers:/usr/local/src/openldap-2.4.23/servers/slapd

10:26:38 rangers:$ ps -ef |grep slapd
ldap 1086 1 0 Feb28 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXXXX.XXXXX.XXXXXX.org

netstat -anlp|grep slapd
tcp 0 0 192.168.1.124:389 0.0.0.0:* LISTEN 1086/slapd
So slapd is able to start and bind to the port. I thought this used a mechanism like that of Apache, whereby the daemon starts as root and then binds to the ports, then drops the privileges to the non-root user, or am I missing something?
Cheers
Iain
Cheers Brett
On Fri, Feb 25, 2011 at 2:25 AM, Iain M Conochie iain@shihad.org wrote:
Good Afternoon,
I am attempting to upgrade my openldap 2.4.x installation to the latest release 2.4.24. I am compiling from source. I can start slapd as the root user but I am unable to start as a non-root user (e.g. ldap). I am receiving the following error message:
/opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXXX.XXXXXXXX.XXX
slapd: sbind.c:76: ldap_simple_bind: Assertion `( (ld)->ld_options.ldo_valid == 0x2 )' failed.
Aborted