** Changed in: openldap2.3 (Debian)
       Status: Confirmed => Fix Released

https://bugs.launchpad.net/bugs/227744

Title:
  dapper upgrade to hardy: openldap silently refuses to start when
  unable to open SSL certificates - main: TLS init def ctx failed: -64 -
  openldap user not in ssl-cert group

Status in openldap package in Ubuntu:
  Won't Fix
Status in openldap2.3 package in Ubuntu:
  Invalid
Status in openldap source package in Hardy:
  Invalid
Status in openldap2.3 source package in Hardy:
  Won't Fix
Status in openldap2.3 package in Debian:
  Fix Released

Bug description:
  We ran a slapd on Dapper for a long time, and it relied on an SSL cert
  that we made root-owned 0400 for reasons of our own internal security.
  Apache happily opens these certs as root and passes the file
  descriptor along for after it drops privilege to the www-data user.
  The default install of slapd on Hardy silently refuses to start when
  we point it at these certificates.

  On Dapper, we ran slapd as root, and things worked reasonably well.
  The Hardy upgrade reconfigured slapd to run as the "openldap" user,
  which was unable to read the certificates we have.

  The problem with this is that there was no indication in the logs or
  the init script output that this was the reason it would not start.
  Forcing us to pore through the copious output of the debug mode is a
  little unreasonable for such a straightforward error condition.
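
Added example, not part of the bug report or of the openldap packaging: a pre-flight check that a service account such as "openldap" can read the files slapd is pointed at, naming the first path component that blocks it. It models only the classic owner/group/other mode bits (no ACLs or capabilities); the script name in the usage line is hypothetical.

```python
"""Usage (as root): check_tls_perms.py openldap /path/cert.pem /path/key.pem"""
import grp
import os
import pwd
import sys

READ, SEARCH = 4, 1


def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX class check (owner, else group, else other); ignores ACLs."""
    if uid == 0:
        return True  # simplification: root passes read and directory search
    if uid == owner_uid:
        bits = (mode >> 6) & 7  # owner class wins even if a group would allow
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def account_ids(user):
    """Return (uid, {gids}) for a local account, primary group included."""
    pw = pwd.getpwnam(user)
    gids = {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids | {pw.pw_gid}


def first_blocker(path, uid, gids):
    """Return the first path component the account cannot pass, else None."""
    target = os.path.realpath(path)
    chain = [target]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for comp in reversed(chain):  # "/" first, the file itself last
        st = os.stat(comp)
        want = READ if comp == target else SEARCH
        if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, want):
            return comp
    return None


if __name__ == "__main__":
    uid, gids = account_ids(sys.argv[1])
    blocked = {f: first_blocker(f, uid, gids) for f in sys.argv[2:]}
    for f, comp in blocked.items():
        print(f"{f}: {'readable' if comp is None else 'blocked at ' + comp}")
    sys.exit(1 if any(blocked.values()) else 0)
```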
