AppArmor provided several complaints:
Jun 16 12:30:43 lionel kernel: [ 6122.925033] audit(1213633843.473:17): type=1503 operation="inode_permission" requested_mask="::a" denied_mask="::a" name="/dev/tty" pid=5259 profile="/usr/sbin/slapd" namespace="default" Jun 16 12:30:43 lionel kernel: [ 6122.927321] audit(1213633843.473:18): type=1503 operation="file_lock" requested_mask="k::" denied_mask="k::" name="/etc/ldap/keytab.ldap" pid=5259 profile="/usr/sbin/slapd" namespace="default" To fix the top two, I added /dev/tty rw, /etc/ldap/keytab.ldap kr, to AppArmor's slapd profile. Upon restart of AppArmor and slapd, I tried to connect again, and it failed with this log message: Jun 16 12:38:17 lionel kernel: [ 6577.144098] audit(1213634297.983:19): type=1503 operation="inode_permission" requested_mask="rw::" denied_mask="rw::" name="/var/tmp/ldap_111" pid=5339 profile="/usr/sbin/slapd" namespace="default" >From there, I added /var/tmp/ r, /var/tmp/* rw, to the slapd profile. Restarting AppArmor and slapd again, connecting to the server with gssapi works fine and presents no errors. -- slapd gssapi failure https://bugs.launchpad.net/bugs/229252 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
