[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapd startup behavior when unable to bind to an interface

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: Slapd startup behavior when unable to bind to an interface
From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 11 Jan 2016 15:31:24 +0100
Cc: openldap-devel@openldap.org
In-reply-to: <3C4675616E42CA0200E4AE9A@[192.168.1.9]>
References: <3C4675616E42CA0200E4AE9A@[192.168.1.9]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0

On 10. jan. 2016 00:48, Quanah Gibson-Mount wrote:

Currently, slapd will start up even if it can't bind to an interface, if more
than one potential interface is given where the bind is successful. (...)
This is fairly trivial to reproduce.  As a non-privileged user, simply do:

-h "ldap:// ldapi://slapd.sock"

It will fail to bind to 389, but bind to the LDAPI socket anyway, and
continue the startup process.  This gives a false result that slapd started
successfully, although clearly external clients will be unable to talk to it.


Doesn't start on my Linux machines, RHEL 6.7 and 7.2:

5693ba7e @(#) $OpenLDAP: slapd 2.4.X (Jan 11 2016 14:14:28) $
hbf@bombur.uio.no:/site/var/ldap/ol/openldap.gt/servers/slapd
5693ba7e daemon: bind(7) failed errno=13 (Permission denied)
5693ba7e daemon: bind(7) failed errno=13 (Permission denied)
5693ba7e slapd stopped.

--
Hallvard

References:
- Slapd startup behavior when unable to bind to an interface
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Slapd startup behavior when unable to bind to an interface
Next by Date: Dropping the MozNSS crypto bits from OpenLDAP
Index(es):
- Chronological
- Thread