I can confirm this. While this setup doesn't seem too common, it's certainly a valid and supported one. This needs to be adressed on the slapd side, so reassigning this.
The suggested fix (adduser openldap sasl) is quite simple, won't cause any regressions, but does give the slapd process some more priviledges. However, giving daemons access to /etc/sasldb2 is what the "sasl" group is _for_, after all. An alternative might be to force use of saslauthd, provide an configuration upgrade path, test thoroughly,and document that direct access to sasldb2 is no longer supported, I'd really recommend the former, though. :) ** Changed in: openldap2.3 (Ubuntu) Sourcepackagename: cyrus-sasl2 => openldap2.3 Status: Incomplete => Confirmed -- upgrade to hardy: user openldap is not added to group sasl https://bugs.launchpad.net/bugs/218899 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap2.3 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs