On Mon, Aug 25, 2008 at 10:04:07AM +0800, [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > [EMAIL PROTECTED] # slapd -d 256 -h 'ldap://0.0.0.0:636/' -f
> > /etc/ldap/slapd.conf
> > @(#) $OpenLDAP: slapd 2.4.9 (Aug 5 2008 20:18:55) $
> > [EMAIL PROTECTED]:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
> > /etc/ldap/slapd.conf: line 126: rootdn is always granted unlimited
> > privileges.
> > /etc/ldap/slapd.conf: line 143: rootdn is always granted unlimited
> > privileges.
> > /etc/ldap/slapd.conf: line 158: invalid path: Permission denied
> > slapd stopped.
> > connections_destroy: nothing to destroy.
> >
> > Where:
> > [EMAIL PROTECTED] # sed -n 158p /etc/ldap/slapd.conf
> > directory "/var/lib/ldap_jxpado"
> >
>
> After a lot of experimentation it seems anything other than '/var/lib/ldap',
> when used for the directory directive, would generate "invalid path:
> Permission denied". I also tested /var/lib/ldap/jxpado in case slapd
> runs in chroot by mistake (~openldap=/var/lib/ldap).
>
> This is rather strange to me, could it be the Ubuntu server edition of
> slapd was modified? I configured a dozen more slapd servers where I
> altered directory, on Gentoo Linux, this is the first time I do it on
> Ubuntu server.

Starting from Ubuntu 8.04, slapd is protected by an apparmor profile. Since
you're using a non-standard directory for your database, you'll get a
permission error.

You should see audit messages in /var/log/kern.log related to slapd.

You should adjust your slapd profile to include your directory. See [1] for
more information on how to update an apparmor profile.

[1]: https://wiki.ubuntu.com/DebuggingApparmor

-- 
Mathias Gug
Ubuntu Developer
http://www.ubuntu.com
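
Added example (not part of the original message, and not Ubuntu's own tooling): a small Python helper that reads AppArmor denials for slapd from kern.log text and proposes the narrowest profile rules that cover the database directory named in slapd.conf. The log lines are constructed samples in the key="value" layout of current kernels, and the function names, the host name and the two non-slapd test lines are assumptions made for illustration.

```python
import re

# Constructed kern.log lines (not from the thread), assuming the key="value"
# layout current kernels use for AppArmor denials; "ldap1" is a made-up host.
_HDR = 'Aug 25 10:01:02 ldap1 kernel: audit: type=1400 apparmor="DENIED" '
SAMPLE_LOG = "\n".join(_HDR + rest for rest in (
    'operation="open" profile="/usr/sbin/slapd" name="/var/lib/ldap_jxpado/" denied_mask="r"',
    'operation="open" profile="/usr/sbin/slapd" name="/var/lib/ldap_jxpado/DB_CONFIG" denied_mask="r"',
    'operation="mknod" profile="/usr/sbin/slapd" name="/var/lib/ldap_jxpado/__db.001" denied_mask="wc"',
    'operation="file_lock" profile="/usr/sbin/slapd" name="/var/lib/ldap_jxpado/alock" denied_mask="k"',
    # Different profile touching the same directory: must not widen slapd's rules.
    'operation="link" profile="/usr/sbin/ntpd" name="/var/lib/ldap_jxpado/x" denied_mask="l"',
    # slapd denial outside the database directory: left for manual review.
    'operation="file_mmap" profile="/usr/sbin/slapd" name="/srv/other/file" denied_mask="m"',
))

FIELD = re.compile(r'(\w+)="([^"]*)"')
# Log masks use c (create) and d (delete); in a profile both are covered by w.
LOG_TO_RULE = {"r": "r", "w": "w", "c": "w", "d": "w",
               "a": "a", "k": "k", "l": "l", "m": "m"}

def denials(log_text, profile):
    """Yield (path, denied_mask) for each denial logged against `profile`."""
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if (f.get("apparmor") == "DENIED" and f.get("profile") == profile
                and "name" in f):
            yield f["name"], f.get("denied_mask", "")

def suggest_rules(log_text, directory, profile="/usr/sbin/slapd"):
    """Return candidate profile lines covering only `directory` and its files."""
    base = directory.rstrip("/") + "/"
    dir_perms, file_perms = set(), set()
    for name, mask in denials(log_text, profile):
        if name.rstrip("/") + "/" == base:
            target = dir_perms
        elif name.startswith(base):
            target = file_perms
        else:
            continue  # do not grant access outside the database directory
        # Exec (x) is deliberately unmapped: it needs a reviewed qualifier.
        target.update(LOG_TO_RULE[c] for c in mask if c in LOG_TO_RULE)
    rules = []
    for path, perms in ((base, dir_perms), (base + "**", file_perms)):
        if "w" in perms:
            perms.discard("a")  # w and a cannot appear in the same rule
        if perms:
            rules.append("  %s %s," % (path, "".join(p for p in "rwaklm" if p in perms)))
    return rules

if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE_LOG, "/var/lib/ldap_jxpado")))
```

Review the proposed lines before adding them to the slapd profile (on Ubuntu, /etc/apparmor.d/usr.sbin.slapd) and reload it with `apparmor_parser -r`; denials outside the database directory are skipped on purpose so the profile is not widened by accident.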