Conflicts between slapd and nsswitch (SSL not working)
Francesco Gringoli
francesco.gringoli at ing.unibs.it
Mon Apr 19 12:14:55 PDT 2004
Hi all,
I have noticed this conflict when running slapd as a user different than root and with nsswitch configured to search in ldap (other than files).
This is my /etc/nsswitch.conf
passwd: files ldap
group: files ldap
If you try to launch slapd as user root and you have configured it to bind on port 636 for SSL, everything is OK. You can connect to the SSL port and browse your db.
But if you try to use a different user for slapd, you can still browse via cleartext on 389 but no longer via SSL on 636.
This does not depend on the ldap db you are using for nsswitch. I tried to use a different slapd already running for the nsswitch part but the problem was still there.
When you start slapd in debug mode as a user different than root with nsswitch configured to access ldap, you can clearly see that slapd tries to bind to the ldap server specified in /etc/ldap.conf to look up the user specified, even if this user is in /etc/passwd. This is not correct, since you cannot start a service with a user that can be provided via nsswitch by that service!!
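
A configuration check for the setup described in the message above, added here as an example and not part of the original post: it lists the nsswitch sources for passwd and group and reports when ldap is among them or when slapd's run-as account has no local entry. The function names, the account name `ldap` and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; function names, account name and sample files are constructed.

# Print the sources configured for one nsswitch database, one per line,
# skipping comments and [STATUS=action] criteria.
nss_sources() {  # $1 = nsswitch.conf path, $2 = database name
    awk -v db="$2" '
        { sub(/#.*/, "") }
        $1 == (db ":") {
            skip = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1
                if (!skip) print $i
                if ($i ~ /\]$/) skip = 0
            }
        }' "$1"
}

# Succeed if the account has an entry in a passwd-format file.
in_local_passwd() {  # $1 = passwd file, $2 = account
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# Print one finding per line; return 1 if there is any finding.
audit_slapd_nss() {  # $1 = nsswitch.conf, $2 = passwd file, $3 = run-as account
    rc=0
    for db in passwd group; do
        if nss_sources "$1" "$db" | grep -qx ldap; then
            echo "$db: ldap listed as a source"
            rc=1
        fi
    done
    if ! in_local_passwd "$2" "$3"; then
        echo "passwd: $3 has no local entry"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input mirroring the nsswitch.conf in the report.
demo_dir=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\nhosts: files dns\n' > "$demo_dir/nsswitch.conf"
printf 'root:*:0:0::/root:/bin/sh\nldap:*:389:389::/nonexistent:/usr/sbin/nologin\n' > "$demo_dir/passwd"
audit_slapd_nss "$demo_dir/nsswitch.conf" "$demo_dir/passwd" ldap || true
```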