Hi Ulrich, I totally agree, but I wanted to show "quick and dirty" way. Sometimes you just need to test something, and when everything works it is time to play around ;)
Hey Ryan, thanks for advice. Today I played with "osixia/openldap" docker image and at the end of the day I was able to make it work. Just for reference, I'm sending modified part of ".config" file. ====================================================== include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema//ppolicy.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args #ldapmod#modulepath ../servers/slapd/back-ldap/ #ldapmod#moduleload back_ldap.la #metamod#modulepath ../servers/slapd/back-meta/ #metamod#moduleload back_meta.la #monitormod#modulepath ../servers/slapd/back-monitor/ #monitormod#moduleload back_monitor.la modulepath /usr/lib/ldap/ moduleload back_meta.la moduleload rwm.la moduleload back_ldap.la ====================================================== Then just delete old slapd.d and convert .config to slapd.d directory and it is work. But still, it is not proper way through slapadd/slapmodify, which I'm looking for. Best regards Martin Stejskal ________________________________ From: Ulrich Windl <[email protected]> Sent: 19 January 2017 08:45:43 To: Martin Stejskal; [email protected]; [email protected] Subject: Antw: Re: slapd-meta with olc >>> Martin Stejskal <[email protected]> schrieb am 17.01.2017 um 09:08 in >>> Nachricht <os2pr01mb02343bfa404e587bc43468b9b3...@os2pr01mb0234.jpnprd01.prod.outlook.com> [...] > 3) Simply remove (3A) or configure (3B) "apparmor" to avoid strange start > failure and another "permission denied" errors. Choice is up to you > (security vs convenience) > > 3A) Remove apparrmor > $ sudo apt remove apparmor > > 3B) Configure apparmor [...] I'd recommend to change the "enforce mode" for slapd to "complain mode". Then updating the apparmor profile can be done with the tools provided. Alternatively remove the profile for slapd in apparmor. I would not remove the whole package, because then no appliocation can/will be protected. Regards, Ulrich
