Public bug reported:

Kerberos5 with LDAP backend and GSSAPI connectivity fails due to the AppArmor profile for slapd, which doesn't include the possibility to give read and lock rights to the slapd process.

Error in kern.log:

  Jul 1 20:20:12 auth kernel: [ 875.743303] audit: type=1400 audit(1625160012.372:1191): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/slapd" name="/var/tmp/krb5_130.rcache2" pid=1559 comm="slapd" requested_mask="k" denied_mask="k" fsuid=130 ouid=130

This Kerberos profile is most likely needed for connectivity to the openldap server due to the fact that GSSAPI is used.

A quick fix is to add:

  /var/tmp/krb5* rk,

into:

  /etc/apparmor.d/local/usr.sbin.slapd

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: gssapi kerberos5 slapd

https://bugs.launchpad.net/bugs/1934390

Title:
  Apparmor prevents locking of /var/tmp/krb5* file for slapd
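The kind of denial quoted in the report can be turned into candidate local-override rules for review. This is an added example, not part of the original bug report or of AppArmor's tooling: it parses audit lines, keeps DENIED events for one profile, and merges the denied masks per path. Only the first sample line comes from the report; the other two lines, the /usr/sbin/example profile and the function names are constructed. It emits exact paths, so widening them to a glob such as the reporter's /var/tmp/krb5* is left to the reviewer.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted in the report; lines 2 and 3 are constructed samples.
SAMPLE_LOG = """\
Jul 1 20:20:12 auth kernel: [ 875.743303] audit: type=1400 audit(1625160012.372:1191): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/slapd" name="/var/tmp/krb5_130.rcache2" pid=1559 comm="slapd" requested_mask="k" denied_mask="k" fsuid=130 ouid=130
Jul 1 20:20:13 auth kernel: [ 876.000000] audit: type=1400 audit(1625160013.000:1192): apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/var/tmp/krb5_130.rcache2" pid=1559 comm="slapd" requested_mask="r" denied_mask="r" fsuid=130 ouid=130
Jul 1 20:20:14 auth kernel: [ 877.000000] audit: type=1400 audit(1625160014.000:1193): apparmor="DENIED" operation="mknod" profile="/usr/sbin/example" name="/etc/example.conf" pid=1600 comm="example" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""

# key=value pairs; values are either double-quoted or a bare token.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
PERM_ORDER = "rwaxmlk"             # order used when writing a merged mask
AUDIT_TO_RULE = {"c": "w", "d": "w"}  # create/delete in the log are covered by "w"


def parse_fields(line):
    """Return the key=value fields of one audit line as a dict."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def denied_paths(log_text, profile):
    """Map each denied path for `profile` to the set of rule permissions needed."""
    masks = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") != "DENIED" or fields.get("profile") != profile:
            continue
        if "name" in fields:
            for perm in fields.get("denied_mask", ""):
                masks[fields["name"]].add(AUDIT_TO_RULE.get(perm, perm))
    return masks


def candidate_rules(log_text, profile):
    """Build one 'path perms,' rule line per denied path, for human review."""
    rules = []
    for path, perms in sorted(denied_paths(log_text, profile).items()):
        ordered = "".join(p for p in PERM_ORDER if p in perms)
        rules.append(f"{path} {ordered},")
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, "/usr/sbin/slapd"):
        print(rule)
```

Each emitted line is a proposal to check against what the confined daemon actually needs before it goes into the local override file.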