Hi Ryan,
Thanks for looking into this. Unfortunately I don't have much to add to
my earlier response in this thread. Here are the only Kerberos-related
types of lines that I have in slapd.conf:

    authz-regexp
        uid=([^,]*),cn=([^,]*),cn=gssapi,cn=auth
        ldap:///dc=example,dc=com??sub?(exampleKrb5PrincipalName=$1@$2)
    sasl-realm EXAMPLE.COM
    sasl-secprops minssf=0

As I mentioned before, I do have an /etc/krb5.keytab. ldapwhoami -Y
GSSAPI works fine. I don't know precisely how slapd ends up using kcm.
slapd is linked with libheimbase.so.1, so presumably it ends up calling
some Heimdal library function that ends up accessing that socket.
--
https://bugs.launchpad.net/bugs/1472639
Title:
apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket