Public bug reported:

I am usinc nscd with nslcd (LDAP lookup daemon) for NSS services via
LDAP.

It is typical to configure nslcd to connect to the actual LDAP server,
and then set up /etc/ldap.conf (which is what NSS/nscd uses for "ldap"
type lookups in /etc/nsswitch.conf) with a server URI of
ldapi:///var/run/nslcd/socket . This way, only nslcd needs to talk with
the LDAP server, rather than every application that wants to do
getpwent() et al.

Unfortunately, the usr.sbin.nscd profile in apparmor-profiles
2.10.95-0ubuntu2 (Xenial) makes no mention of the nslcd socket, which
results in NSS LDAP lookups not working when the profile is enforced in
this configuration.

This is the new line that is needed:

    /{,var/}run/nslcd/socket rw,

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575438

Title:
  usr.sbin.nscd needs r/w access to nslcd socket

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1575438/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to