[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu12.2 --- openldap (2.4.31-1+nmu2ubuntu12.2) vivid; urgency=medium * debian/apparmor-profile: Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor kernel ABI v7 (utopic and later). (LP: #1392018) -- Ryan Tandy Thu, 25 Jun 2015 09:40:29 -0700 ** Changed in: openldap (Ubuntu Vivid) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
With slapd from vivid-updates: # dpkg-query -W slapd slapd 2.4.31-1+nmu2ubuntu12.1 # ldapwhoami -H ldapi:// -QY EXTERNAL ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) With slapd from vivid-proposed: # dpkg-query -W slapd slapd 2.4.31-1+nmu2ubuntu12.2 # ldapwhoami -H ldapi:// -QY EXTERNAL dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth Marking verified. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Branch linked: lp:ubuntu/vivid-proposed/openldap -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
Hello Arjan.S, or anyone else affected, Accepted openldap into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu12.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: openldap (Ubuntu Vivid) Status: In Progress => Fix Committed ** Tags added: verification-needed ** Changed in: openldap (Ubuntu Utopic) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
ACK on the debdiffs, they look good. Thanks! Uploaded for processing by the SRU team. ** Changed in: openldap (Ubuntu Utopic) Status: New => In Progress ** Changed in: openldap (Ubuntu Vivid) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Patch added: "vivid patch v2" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+attachment/4420527/+files/openldap_2.4.31-1%2Bnmu2ubuntu12.2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
Apologies for the inconvenience. Attaching fixed (and tested) patches. ** Patch added: "utopic patch v2" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+attachment/4420526/+files/openldap_2.4.31-1%2Bnmu2ubuntu11.2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
The actual fix that went into wily is:
# pid files and sockets
/{,var/}run/slapd/* w,
/{,var/}run/slapd/ldapi rw,
/{,var/}run/nslcd/socket rw,
Ryan, could you please update your proposed debdiffs to reflect the
actual changes that went into the development release?
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1392018
Title:
apparmor stops /var/run/ldapi from being read causing ldap to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Branch linked: lp:ubuntu/openldap -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Also affects: openldap (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Vivid) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
On Wed, Jun 17, 2015 at 07:28:44AM -, Moritz wrote: >I try to apply the vivid patch, but don't seem to have openldap >installed, only slapd – is that the same? openldap is the source package. slapd is one of the binary packages built from it. http://packages.ubuntu.com/source/vivid/openldap https://www.debian.org/doc/manuals/debian-faq/ch-pkg_basics.en.html The patch applies to the source package. >If slapd is correct, what is the proper patch location? The patch changes one file: /etc/apparmor.d/usr.sbin.slapd -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
I try to apply the vivid patch, but don't seem to have openldap installed, only slapd – is that the same? apt-get install openldap -> Unable to locate package If slapd is correct, what is the proper patch location? slapd is located as follows: /etc/init.d/slapd /etc/ufw/applications.d/slapd /etc/default/slapd /run/slapd /usr/share/lintian/overrides/slapd /usr/share/slapd /usr/share/doc/slapd /usr/sbin/slapd /var/lib/slapd -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
On Tue, Jun 02, 2015 at 01:36:04AM -, Massé wrote: >Hello! I have a problem with the vivid patch > >sudo patch -p1 < ../openldap_2.4.31-1+nmu2ubuntu12.debdiff >bash: ../openldap_2.4.31-1+nmu2ubuntu12.debdiff: Aucun fichier ou dossier de >ce type That's not a problem with the patch. That's bash telling you it can't find the patch in the place you told it to look :) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
Hello! I have a problem with the vivid patch sudo patch -p1 < ../openldap_2.4.31-1+nmu2ubuntu12.debdiff bash: ../openldap_2.4.31-1+nmu2ubuntu12.debdiff: Aucun fichier ou dossier de ce type -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Description changed:
- There is a bug in slapd that triggers the profile of apparmor of slapd.
+ [Impact]
- When installing a clean ubuntu 14.10 server and installing slapd with :
- apt-get install slapd ldap-utils
- configure it with :
- dpkg-reconfigure slapd
- with ldap address of ldapi://xxx.xxx.xxx
- the following command :
- ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config
- gives the following error:
+ * Changes to AppArmor's unix socket mediation in utopic and later
+ require servers to have 'rw' file permissions on socket paths, compared
+ to just 'w' previously.
+
+ * This bug breaks any application that tries to communicate with slapd
+ via the ldapi:// scheme, for example heimdal-kdc.
+
+ * The recommended way to configure slapd in Ubuntu is to authenticate
+ via SASL EXTERNAL over the ldapi socket. This bug prevents online
+ configuration of slapd (via ldapmodify) in the default setup.
+
+ [Test Case]
+
+ apt-get install slapd
+ ldapwhoami -H ldapi:// -QY EXTERNAL
+
+ Expected result:
+ dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+
+ Actual result:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
- Checking syslog :
- apparmor="DENIED" operation="file_perm" profile="/usr/sbin/slapd"
name="/run/slapd/ldapi" pid=1137 comm="slapd" requested_mask="r"
denied_mask="r" fsuid=105 ouid=0
- we find in apparmor profile :
- /etc/apparmor.d/usr.sbin.slapd reads:
- # pid files and sockets
- /{,var/}run/slapd/* w,
- /run/slapd/ldapi has srwxrwxrwx attributes and is owned by
- root:root
+ [Regression Potential]
- In 14.04 all of this is the same but does not lead to an error.
+ * Extremely low potential for regression. No code changes, only granting
+ an additional permission on contents of two directories. The worst
+ possible regression is that slapd might be permitted to read some files
+ it shouldn't, but having such files in /run/{slapd,nslcd} seems
+ unlikely.
- Changing it into :
- # pid files and sockets
- /{,var/}run/slapd/* rw,
+ [Other Info]
- Solves the issue but does not show me where things actually go wrong.
- Slapd tries to read the file but fails.
+ Test packages can be found in ppa:rtandy/lp1392018
** Patch added: "utopic patch"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+attachment/4406775/+files/openldap_2.4.31-1%2Bnmu2ubuntu11.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1392018
Title:
apparmor stops /var/run/ldapi from being read causing ldap to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Patch added: "vivid patch" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+attachment/4406776/+files/openldap_2.4.31-1%2Bnmu2ubuntu12.2.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
This bug was fixed in the package openldap - 2.4.40+dfsg-1ubuntu1
---
openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
* Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/{patches/nssov-build,rules}: Apply, build and package the
nss overlay.
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Remove unused variable new_conf.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
* Drop patches included upstream:
- d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
- d/patches/bdb-deadlock.patch
- d/patches/its-7354-fix-delta-sync-mmr.diff
* Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
* debian/patches/nssov-build: Adjust for upstream changes.
* debian/apparmor-profile:
- Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
kernel ABI v7 (utopic and later). (LP: #1392018)
- Reduce permissions on /run/nslcd to just the nslcd socket.
* Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
(LP: #1293250)
openldap (2.4.40+dfsg-1) unstable; urgency=medium
* Remove inetorgperson.schema from the upstream source. Replace it with a
copy stripped of RFC text. (Closes: #780283)
* Adjust debian/watch for +dfsg versioning.
* debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
patch to fix scope=onelevel searches wrongly including the search base in
results under the MDB backend. (ITS#7975) (Closes: #782212)
openldap (2.4.40-4) unstable; urgency=medium
* debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
patch to fix a crash when a search includes the Deref control with an
empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
* debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
patch to fix a double free triggered by certain search queries using the
Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
openldap (2.4.40-3) unstable; urgency=medium
* Remove trailing spaces from slapd.templates.
* Update Vietnamese debconf translation.
Thanks to Trần Ngọc Quân.
* Update Danish debconf translation.
Thanks to Joe Hansen. (Closes: #766848)
* Update Japanese debconf translation.
Thanks to Kenshi Muto. (Closes: #766824)
* Update Russian debconf translation.
Thanks to Yuri Kozlov. (Closes: #766825)
* Update Basque translation.
Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
* Update French debconf translation.
Thanks to Christian Perrier. (Closes: #767634)
* Update German debconf translation.
Thanks to Helge Kreutzmann. (Closes: #767686)
* Update Portuguese debconf translation.
Thanks to Ricardo Silva. (Closes: #768085)
* Update Italian debconf translation.
Thanks to Luca Monducci. (Closes: #768195)
* Update Turkish debconf translation.
Thanks to Atila KOÇ. (Closes: #768409)
* Update Czech debconf translation.
Thanks to Miroslav Kure. (Closes: #768591)
* Update Catalan debconf translation.
Thanks to Innocent De Marchi. (Closes: #768605)
* Update Dutch debconf translation.
Thanks to Frans Spiesschaert. (Closes: #769024)
* Update Brazilian Portuguese debconf translation.
Thanks to Adriano Rafael Gomes. (Closes: #769717)
* Update Galician debconf translation.
Thanks to Jorge Barreiro.
* Update Swedish debconf translation.
Thanks to Martin Bagge / brother. (Closes: #769867)
* Update Spanish debconf translation.
Thanks to Camaleón. (Closes: #770715)
* Fix doubled spaces in po files, caused by trailing spaces in the templates
file.
* Run debconf-updatepo to r
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Branch linked: lp:ubuntu/wily-proposed/openldap -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
Based on reading apparmor code and changes, it sounds like changing 'w' to 'rw' actually is the correct fix (f.ex. [1]). My proposed merge (bug 1395098) includes that change. This should probably be SRUed to U and V after getting fixed in the development release. Considering that ldapi is our default and recommended way of doing config changes, this is certainly a grave bug. [1] http://bazaar.launchpad.net/~apparmor- dev/apparmor/master/view/head:/tests/regression/apparmor/unix_socket_pathname.sh#L40 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Ryan Tandy (rtandy) ** Changed in: openldap (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
** Tags added: apparmor -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
This bug can also be found in Ubuntu 15.04 vivid. The workaround of modifying apparmor works. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
I confirm that the bug is present on Kubuntu 14.10 as well. When installing a clean ubuntu 14.10 server and installing slapd with : apt-get install slapd ldap-utils configure it with : dpkg-reconfigure slapd with ldap address of ldapi://xxx.xxx.xxx the following command : ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config gives the following error: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Also, the provided solution of modifying apparmor config for slapd worked. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openldap (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1392018 Title: apparmor stops /var/run/ldapi from being read causing ldap to fail To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1392018/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
