There is a bug in slapd that triggers the AppArmor profile of slapd.
When installing a clean Ubuntu 14.10 server and installing slapd with:
apt-get install slapd ldap-utils
configure it with:
dpkg-reconfigure slapd
with ldap address of ldapi://xxx.xxx.xxx
the following command:
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config
gives the following error:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Checking syslog:
apparmor="DENIED" operation="file_perm" profile="/usr/sbin/slapd" name="/run/slapd/ldapi" pid=1137 comm="slapd" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
we find in the AppArmor profile:
/etc/apparmor.d/usr.sbin.slapd reads:
# pid files and sockets
/{,var/}run/slapd/* w,
/run/slapd/ldapi has srwxrwxrwx attributes and is owned by root:root
In 14.04 all of this is the same but does not lead to an error.
Changing it into:
# pid files and sockets
/{,var/}run/slapd/* rw,
Solves the issue but does not show me where things actually go wrong. Slapd tries to read the file but fails.