I suppose we need to ensure that the openldap package is using this
abstraction, then, and that the latest apparmor package in Ubuntu
contains it.
I do think that Certbot integration for openldap is not relevant for the
majority of Ubuntu users though, so am setting Importance: Low and don't
expect anyone from the server team to address this any time soon.
We'd be happy to help volunteers get this landed though. First steps
would be to identify what needs doing in the development release in
apparmor and openldap with respect to this apparmor abstraction.
** Changed in: openldap (Ubuntu)
Importance: Undecided => Low
** Changed in: openldap (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1805178
Title:
Apparmor should include letsencrypt directory for Slapd
Status in openldap package in Ubuntu:
Triaged
Bug description:
Apparmor denies access to /etc/letsencrypt for slapd, which is
confusing for users trying to secure ldap with Letsencrypt in a stock
configuration.
The fix is inserting the following line in
/etc/apparmor.d/usr.sbin.slapd:
/etc/letsencrypt/** r,
and then refreshing the profile:
# apparmor_parser -vr usr.sbin.slapd
This line should simply be included.
tarek : )
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1805178/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
