--On Wednesday, August 09, 2006 12:49 AM -0600 "Berg, Michael" <[EMAIL PROTECTED]> wrote:

Okay, hm.  Can you try this, preferably with daemontools:

/usr/bin/setuidgid openldap /bin/cat </path/to/certs/certfiles>

for every cert you believe the server should be able to read.  It really
seems like the "openldap" user/group doesn't have permission to
something that it should.

I don't have daemontools on this system, but I temporarily changed the
shell for the openldap user from /bin/false to /bin/bash and then su'd to
openldap.

Hm... Okay, instead of "strace" output, what does the output from "slapd -d -1" show in the following bits:

(a) running as root, up until waiting for a connection
(b) running as root, getting a problem connection
(c) running as openldap user, up until waiting for a connection
(d) running as openldap user, getting a problem connection

I find -d -1 can be a bit more useful than strace when looking for something other than permissions problems with slapd. You will have to either alter the startup script or manually start slapd of course. ;)

--Quanah



--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
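
Added example, not part of the original thread: one way to answer the "can the openldap user read every cert file" question without daemontools and without giving the service account a login shell. It evaluates only the classic owner/group/other mode bits along the path (ACLs and other access controls are not considered, which is an assumption of this sketch); the function names are hypothetical, and it should be run as a user that can stat the whole path, such as root.

```python
import os
import stat

def can(st, uid, gids, want):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True  # simplification: root bypasses read/search mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_blocker(path, uid, gids, start="/"):
    """Return (component, reason) for the first thing that stops uid from
    reading path, or None if every directory below `start` is searchable
    and the file itself is readable."""
    path = os.path.realpath(path)
    current = os.path.realpath(start)
    for part in os.path.relpath(path, current).split(os.sep):
        if not can(os.stat(current), uid, gids, 0o1):
            return current, "no search (x) permission on directory"
        current = os.path.join(current, part)
    st = os.stat(current)
    if not stat.S_ISREG(st.st_mode):
        return current, "not a regular file"
    if not can(st, uid, gids, 0o4):
        return current, "no read (r) permission on file"
    return None

if __name__ == "__main__":
    import pwd
    import sys
    if len(sys.argv) < 3:
        print("usage: certperm.py <user> <certfile>...")
    else:
        # e.g. the "openldap" account from the thread
        pw = pwd.getpwnam(sys.argv[1])
        gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
        for f in sys.argv[2:]:
            print(f, "->", first_blocker(f, pw.pw_uid, gids) or "readable")
```

A blocker reported on a parent directory rather than on the file is the case a plain look at the key file's own mode misses.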

