> Does ldap://XXXXX.XXXXXXXX.XXX have a port >= 1024 at the end ?

Nope

>
> If default of 389, must be root to listen.

Interesting....

ps -ef |grep slapd
ldap 30749 1 0 10:23 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXX02.XXXXXX.org ldaps://XXXX02.XXXXXX.org

netstat -anlp|grep slapd
tcp 0 0 192.168.1.36:389 0.0.0.0:* LISTEN 30749/slapd
tcp 0 0 192.168.1.36:636 0.0.0.0:* LISTEN 30749/slapd

This is with version 2.4.13, which as you can see is running as user ldap and bound to 2 ports < 1024

This is from the test box which I was using to compile 2.4.24, now running 2.4.23

/opt/openldap/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.23 (Feb 28 2011 16:00:12) $
root@rangers:/usr/local/src/openldap-2.4.23/servers/slapd

10:26:38 rangers:$ ps -ef |grep slapd
ldap 1086 1 0 Feb28 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXXXX.XXXXX.XXXXXX.org

netstat -anlp|grep slapd
tcp 0 0 192.168.1.124:389 0.0.0.0:* LISTEN 1086/slapd

So slapd is able to start and bind to the port. I thought this used a mechanism like that of apache whereby the daemon starts as root and then binds to the ports, then drops the privileges to the non-root user, or am I missing something?

Cheers

Iain

>
> Cheers
> Brett
>
> On Fri, Feb 25, 2011 at 2:25 AM, Iain M Conochie <[email protected]> wrote:
>
>> Good Afternoon,
>>
>> I am attempting to upgrade my openldap 2.4.x installation to the latest
>> release 2.4.24. I am compiling from source. I can start slapd as the
>> root user but I am unable to start as a non-root user (e.g. ldap). I am
>> receiving the following error message:
>>
>> /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXXX.XXXXXXXX.XXX
>> slapd: sbind.c:76: ldap_simple_bind: Assertion `(
>> (ld)->ld_options.ldo_valid == 0x2 )' failed.
>> Aborted
>>
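
The ps/netstat comparison done by hand in the message above, as an added example that is not part of the original thread: it correlates the two outputs to report which user owns each listener on a port below 1024. The function names are hypothetical, and the sample input is the 2.4.13 output copied from the message.

```python
# Added example: correlate `ps -ef` and `netstat -anlp` output to see which
# user owns each listening socket on a privileged port (< 1024).
import re

# Sample input copied from the 2.4.13 output quoted in the message above.
PS_OUTPUT = """\
ldap 30749 1 0 10:23 ? 00:00:00 /opt/openldap/libexec/slapd -u ldap -g ldap -h ldap://XXXX02.XXXXXX.org ldaps://XXXX02.XXXXXX.org
"""
NETSTAT_OUTPUT = """\
tcp 0 0 192.168.1.36:389 0.0.0.0:* LISTEN 30749/slapd
tcp 0 0 192.168.1.36:636 0.0.0.0:* LISTEN 30749/slapd
"""

# On Linux, binding below this port by default needs root or CAP_NET_BIND_SERVICE.
PRIVILEGED_LIMIT = 1024


def pid_owners(ps_text):
    """Map PID -> owning user from `ps -ef` lines (UID is column 1, PID column 2)."""
    owners = {}
    for line in ps_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1].isdigit():  # skips the header row
            owners[int(fields[1])] = fields[0]
    return owners


def listeners(netstat_text):
    """Yield (port, pid, program) for each LISTEN line of `netstat -anlp`."""
    pattern = re.compile(r":(\d+)\s+\S+\s+LISTEN\s+(\d+)/(\S+)")
    for line in netstat_text.splitlines():
        match = pattern.search(line)
        if match:
            yield int(match.group(1)), int(match.group(2)), match.group(3)


def privileged_listeners(ps_text, netstat_text):
    """Return sorted (program, pid, user, port) for sockets bound below port 1024."""
    owners = pid_owners(ps_text)
    return sorted(
        (prog, pid, owners.get(pid, "unknown"), port)
        for port, pid, prog in listeners(netstat_text)
        if port < PRIVILEGED_LIMIT
    )


if __name__ == "__main__":
    for prog, pid, user, port in privileged_listeners(PS_OUTPUT, NETSTAT_OUTPUT):
        state = "running as root" if user == "root" else "non-root owner of a privileged port"
        print(f"{prog}[{pid}] user={user} port={port}: {state}")
```

A non-root owner on a port below 1024 is what a daemon that binds first and then switches user looks like from the outside; a listener still owned by root is the case to review.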
