My configs are:
/etc/default/saslauthd: # # Settings for saslauthd daemon # Please read /usr/share/doc/sasl2-bin/README.Debian for details. # # Should saslauthd run automatically on startup? (default: no) START=yes # Description of this saslauthd instance. Recommended. # (suggestion: SASL Authentication Daemon) DESC="SASL Authentication Daemon" # Short name of this saslauthd instance. Strongly recommended. # (suggestion: saslauthd) NAME="saslauthd" # Which authentication mechanisms should saslauthd use? (default: pam) # # Available options in this Debian package: # getpwent -- use the getpwent() library function # kerberos5 -- use Kerberos 5 # pam -- use PAM # rimap -- use a remote IMAP server # shadow -- use the local shadow password file # sasldb -- use the local sasldb database file # ldap -- use LDAP (configuration is in /etc/saslauthd.conf) # # Only one option may be used at a time. See the saslauthd man page # for more information. # # Example: MECHANISMS="pam" MECHANISMS="kerberos5" # Additional options for this mechanism. (default: none) # See the saslauthd man page for information about mech-specific options. MECH_OPTIONS="" # How many saslauthd processes should we run? (default: 5) # A value of 0 will fork a new process for each connection. THREADS=5 # Other options (default: -c -m /var/run/saslauthd) # Note: You MUST specify the -m option or saslauthd won't run! # # WARNING: DO NOT SPECIFY THE -d OPTION. # The -d option will cause saslauthd to run in the foreground instead of as # a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish # to run saslauthd in debug mode, please run it by hand to be safe. # # See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information. # See the saslauthd man page and the output of 'saslauthd -h' for general # information about these options. # # Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd" # Example for non-chroot Postfix users: "-c -m /var/run/saslauthd" # # To know if your Postfix is running chroot, check /etc/postfix/master.cf. # If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd" # then your Postfix is running in a chroot. # If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT # running in a chroot. OPTIONS="-c -m /var/run/saslauthd" /etc/ldap/sasl2/slapd.conf: mech_list: plain pwcheck_method: saslauthd As the reporter of this bug stated, AppArmor denies slapd access to the saslauthd socket /run/saslauthd/mux. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1557157 Title: apparmor profile denied for saslauthd: /run/saslauthd/mux Status in openldap package in Ubuntu: Incomplete Bug description: When using slapd with saslauthd the processes communicate via the {,/var}/run/saslauthd/mux socket (this is the default location for the saslauthd server from the sasl2-bin package in the /etc/default/saslauthd config), but the apparmor profile for usr.sbin.slapd does not allow access to this socket/file. Syslog message: apparmor="DENIED" operation="connect" profile="/usr/sbin/slapd" name="/run/saslauthd/mux" pid=1880 4 comm="slapd" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 Please add the following line to /etc/apparmor.d/usr.sbin.slapd: /{,var/}run/saslauthd/mux rw, Ubuntu version: Ubuntu 14.04.4 LTS slapd version: 2.4.31-1+nmu2ubu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557157/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
