Slapd permission issues



Hello,

I'm trying to run slapd as a non-root user and am having difficulties. As part of a test suite for a library I'm working on, I'd like to automate starting and stopping slapd with various configs, with relatively-pathed config files, etc.

I'm having an issue running slapd with a custom config "slapd.conf" that's not located at /etc/ldap/slapd.conf. Example:

====================
vagrant@lucid64:~/slapd$ pwd
/home/vagrant/slapd

vagrant@lucid64:~/slapd$ ls -l
total 8
drwxr-xr-x 2 vagrant vagrant 4096 2013-09-27 21:14 schema
-rw-r--r-- 1 vagrant vagrant  440 2013-09-27 21:15 slapd.conf

vagrant@lucid64:~/slapd$ sudo slapd -h ldap://localhost:10000 -d 2048 -f slapd.conf 
@(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:40:04) $
buildd@allspice:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
could not open config file "slapd.conf": Permission denied (13)
slapd stopped.
connections_destroy: nothing to destroy.
====================
The problem is with the "Permission denied": why can't slapd read slapd.conf?

But if I copy the same slapd.conf to /etc/ldap, I get
====================
vagrant@lucid64:~/slapd$ ls -l /etc/ldap/
total 20
-rw-r--r-- 1 root     root      245 2011-12-19 17:19 ldap.conf
drwxr-xr-x 2 root     root     4096 2011-12-19 17:19 sasl2
drwxr-xr-x 2 root     root     4096 2013-09-27 20:26 schema
-rw-r--r-- 1 root     root      440 2013-09-27 21:21 slapd.conf
drwxr-x--- 3 openldap openldap 4096 2013-09-27 20:26 slapd.d

vagrant@lucid64:~/slapd$ sudo slapd -h ldap://localhost:10000 -d 2048 -f /etc/ldap/slapd.conf 
@(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:40:04) $
buildd@allspice:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
could not stat config file "./core.schema": No such file or directory (2)
slapd stopped.
connections_destroy: nothing to destroy.
====================
which doesn't run (I have relative schema directives in the config file) but at least slapd can read the file.

Note that using an absolute path in the first example has the same result; feeding in a non-existent file gives a different error ("could not stat"). Also, I'm using sudo above just to ease things along; eventually it'll run as a normal user.

I'm running Ubuntu Lucid 64-bit.

Am I missing something obvious?

Thanks,
Gary