Hardy has seen the end of its life and is no longer receiving any
updates. Marking the Hardy task for this ticket as Won't Fix.
** Changed in: openldap2.3 (Ubuntu Hardy)
Status: Triaged => Won't Fix
--
** Tags added: dapper2hardy
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in Ubuntu.
https://bugs.launchpad.net/bugs/227744
Title:
dapper upgrade to hardy: openldap silently refuses to start when
unable to open SSL
Marking won't fix in the development release. This is an issue related
to upgrades from dapper to hardy.
Adding the openldap to the ssl-cert group by default is not an option.
** Changed in: openldap (Ubuntu)
Status: Triaged => Won't Fix
--
It is not a good idea to add the user by default because not all
openldap installations require it. If the user were added to the group
by default, the openldap user could end up with access to highly
sensitive data when it doesn't even need it for itself, possibly without
the admin knowing about
I'm running into the same problem on a fresh Hardy server.
However, I see that /etc/ssl/private is owned by root, and no ssl-cert
group exists. This is Hardy 8.04.2.
Any thoughts?
--
** Summary changed:
- dapper upgrade to hardy: openldap silently refuses to start when unable to
open SSL certificates - main: TLS init def ctx failed: -64
+ dapper upgrade to hardy: openldap silently refuses to start when unable to
open SSL certificates - main: TLS init def ctx failed: -64 -
The postinst script should check on upgrade from dapper if TLS is used
and if so, add the openldap user to the ssl-cert group.
Nominating for Hardy.
** Changed in: openldap2.3 (Ubuntu Hardy)
Status: New => Triaged
--
Marking invalid for openldap2.3 in intrepid.
** Changed in: openldap2.3 (Ubuntu)
Status: Triaged => Invalid
** Also affects: openldap (Ubuntu)
Importance: Undecided
Status: New
--
The error message should be improved.
** Changed in: openldap (Ubuntu)
Importance: Undecided => Low
Status: New => Triaged
** Changed in: openldap (Ubuntu Hardy)
Status: New => Invalid
--
A solution I found is simply to add openldap user to the ssl-cert group,
which is the group that is allowed to read certificate key files under
/etc/ssl/private, at least in a default hardy install.
--
Another small problem with it; the AppArmor profile allows reading from
/etc/ssl/certs/* and /etc/ssl/private/* - but because of this bug, you
have to put the cert elsewhere, forcing one to break the AppArmor
profile.
As a temporary solution, the installer could add /etc/ldap/private/,
owned by
Same problem here. I had to recreate the certificates. But not only for
openldap, I had to recreate my CA certificate. This means I had to
recreate all my server certificates. Not very nice.
--
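The upgrade check proposed in this thread (see whether slapd is configured for TLS, then look at ssl-cert membership), sketched as an added example; it is not the package's postinst script. It assumes the key path is set with `TLSCertificateKeyFile` in a slapd.conf-style file; the function names and result strings are made up here, and the script only reports, it changes nothing.

```shell
#!/bin/sh
# Added example (not the openldap package's postinst): decide whether the
# slapd user needs ssl-cert membership to read its TLS private key.

# Print the TLSCertificateKeyFile value from a slapd.conf-style file, if set.
# Directive names are matched case-insensitively; commented lines are skipped
# because their first field starts with '#'.
slapd_tls_key() {
    awk 'tolower($1) == "tlscertificatekeyfile" {
             gsub(/"/, "", $2); print $2; exit
         }' "$1"
}

# $1 = config file, $2 = space-separated group names of the slapd user.
# Prints one of (hypothetical result strings):
#   no-tls                   no key configured, nothing to do
#   key-outside-ssl-private  key lives elsewhere, ssl-cert is irrelevant
#   ok                       key under /etc/ssl/private, user already in ssl-cert
#   add-to-ssl-cert          key under /etc/ssl/private, user lacks the group
tls_upgrade_action() {
    key=$(slapd_tls_key "$1")
    [ -n "$key" ] || { echo "no-tls"; return 0; }
    case "$key" in
        /etc/ssl/private/*) ;;
        *) echo "key-outside-ssl-private"; return 0 ;;
    esac
    case " $2 " in
        *" ssl-cert "*) echo "ok" ;;
        *) echo "add-to-ssl-cert" ;;
    esac
}

# Manual run: sh thisfile --check [path/to/slapd.conf]
if [ "${1:-}" = "--check" ]; then
    conf=${2:-/etc/ldap/slapd.conf}
    # One report in the thread is of a system with no ssl-cert group at all.
    getent group ssl-cert >/dev/null || echo "note: no ssl-cert group here"
    tls_upgrade_action "$conf" "$(id -nG openldap 2>/dev/null)"
    # On "add-to-ssl-cert" an admin would run: adduser openldap ssl-cert
fi
```

Because membership is only suggested when a key under /etc/ssl/private is actually configured, installations without TLS keep the openldap user out of the group.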