[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
** Changed in: openldap (Ubuntu) Importance: Undecided => Low Status: Confirmed => Triaged -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
** Changed in: openldap (Ubuntu) Status: New => Triaged ** Changed in: openldap2.3 (Ubuntu Hardy) Importance: Undecided => Low Status: New => Triaged ** Changed in: openldap (Ubuntu) Status: Triaged => Confirmed -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
** Also affects: openldap (Ubuntu) Importance: Undecided Status: New ** Changed in: openldap2.3 (Ubuntu) Status: Confirmed => Invalid ** Changed in: openldap (Ubuntu Hardy) Status: New => Invalid -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
+1 for _not_ using saslauthd. The first option only changes one line in /etc/group, but using saslauthd would require having another daemon running. Furthermore, saslauthd recommends against using the sasldb backend (see saslauthd(8) for details). -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
I can confirm this. While this setup doesn't seem too common, it's certainly a valid and supported one. This needs to be adressed on the slapd side, so reassigning this. The suggested fix (adduser openldap sasl) is quite simple, won't cause any regressions, but does give the slapd process some more priviledges. However, giving daemons access to /etc/sasldb2 is what the "sasl" group is _for_, after all. An alternative might be to force use of saslauthd, provide an configuration upgrade path, test thoroughly,and document that direct access to sasldb2 is no longer supported, I'd really recommend the former, though. :) ** Changed in: openldap2.3 (Ubuntu) Sourcepackagename: cyrus-sasl2 => openldap2.3 Status: Incomplete => Confirmed -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
Hi! I have a pretty simple setup with libnss-ldap and libpam-ldap authenticating a locally running slapd, which in turn authenticates against sasldb. I have no saslauthd or so running. Before upgrading from dapper to hardy, slapd ran as root, and thus was able to access /etc/sasldb2. After the upgrade, slapd now runs as a new system user "openldap". I think this bug should be moved from source package "cyrus-sasl2" to "openldap2.3". Ciao Martin -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cyrus-sasl2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
Hello, Can you provide more information about your setup? Thanks chuck ** Changed in: cyrus-sasl2 (Ubuntu) Status: New => Incomplete -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cyrus-sasl2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 218899] Re: upgrade to hardy: user openldap is not added to group sasl
** Changed in: cyrus-sasl2 (Ubuntu) Sourcepackagename: openldap2.3 => cyrus-sasl2 -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cyrus-sasl2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
