Re: How to confirm --enable-local

["Pierangelo Masarati" <ando@sys-net.it>]

> On Wed, 2004-03-24 at 01:49, Pierangelo Masarati wrote:
>> If you are starting slapd, then it uses the socket if you used
>> the -h "ldapi://" switch; then, if it is unable to open the socket it
>> will not start.
>
> The server starts fine with "-h 'ldapi:/// ldap:///'" and is accessible
> via TCP, SSL, etc thereafter. However, I still get "Can't connect to
> server" when trying to initialize a new REALM in Heimdal Kerbersos that
> requires local socket access. I tried moving the ACL for the socket to
> the top, but then could not access the server via anything but GQ. Right
> now, I have the following ACL entry in my slapd.conf at the bottom of
> all other ACL entries and just above the database entry:
>
> access to *
>         by sockurl="^ldapi:///$" write
>
> Any ideas why Heimdal is not connecting? I'm getting no response from
> the Heimdal list about this. Is there another application I can use that
> accesses via ldapi for testing?
>
>> To setup back-monitor, simply add a
>> "database monitor" directive in slapd.conf, as described in
>> slapd-monitor(5), back-monitor's man page (with references in
>> slapd.conf(5) man page).  Check the permissions of the socket
>> and of the entire path to the socket.
>
> No manual page for slapd-monitor. I see "--enable-monitor" in the
> Makefile, assuming it is installed, but I guess not.

I guess you are using an older version.  slapd-monitor(5) is available
for sure since 2.2, but I think also in late 2.1 versions (need to check
though).

In any case, to access the socket, you need the identity of the user that
created the socket, e.g. root, or add write permissions to other (e.g.
"srwxrwxrwx" permissions, but "s-w--w--w-" suffices.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it