Conflicts between slapd and nsswitch (SSL not working)

Francesco Gringoli francesco.gringoli at ing.unibs.it
Mon Apr 19 12:14:55 PDT 2004


Hi all,

I have noticed this conflict when running slapd as a user different
than root and with nsswitch configured to search in ldap (other than
files).

This is my /etc/nsswitch.conf

   passwd: files ldap
   group: files ldap

If you try to launch slapd as user root and you have configured it
to bind on port 636 for SSL, everything is OK. You can connect
to the SSL port and browse your db.

But if you try to use a different user for slapd, you can still browse
via cleartext on 389 but no longer via SSL on 636.

This does not depend on the ldap db you are using for nsswitch.
I tried to use a different slapd already running for the nsswitch part
but the problem was still there.

When you start slapd in debug mode as a user different than root with
nsswitch configured to access ldap, you can clearly see that slapd
tries to bind to the ldap server specified in /etc/ldap.conf to look up
the user specified, even if this user is in /etc/passwd. This is not
correct, since you cannot start a service with a user that can be
provided via nsswitch by that service!!
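
To see which lookup path applies to a given service account under the nsswitch.conf shown in the post, the following sketch classifies the account from the source order and the local file. It is an added example, not part of the original message; the account names `ldap` and `dirsrv`, the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how NSS would resolve a service account.
# Function names, account names and sample files are hypothetical.

# nss_sources FILE DB -> print the source list for DB, e.g. "files ldap"
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# in_local_db FILE NAME -> exit 0 if NAME is the first field of an entry
in_local_db() {
    awk -F: -v n="$2" '$1 == n { found = 1; exit } END { exit !found }' "$1"
}

# classify_account NSSWITCH DB LOCALFILE NAME
#   local-only    : ldap is not consulted for DB at all
#   local-first   : entry is in the local file and files precedes ldap
#   ldap-first    : entry is local, but ldap is consulted before files
#   ldap-required : entry is absent locally, only the directory can supply it
classify_account() {
    srcs=$(nss_sources "$1" "$2")
    case " $srcs " in
        *" ldap "*) ;;
        *) echo "local-only"; return 0 ;;
    esac
    if ! in_local_db "$3" "$4"; then
        echo "ldap-required"; return 0
    fi
    for s in $srcs; do
        case "$s" in
            files) echo "local-first"; return 0 ;;
            ldap)  echo "ldap-first";  return 0 ;;
        esac
    done
}

# Constructed sample input: the nsswitch.conf from the post, minimal passwd.
tmp=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\n' > "$tmp/nsswitch.conf"
printf 'root:*:0:0::/root:/bin/sh\nldap:*:389:389::/nonexistent:/usr/sbin/nologin\n' > "$tmp/passwd"
classify_account "$tmp/nsswitch.conf" passwd "$tmp/passwd" ldap
classify_account "$tmp/nsswitch.conf" passwd "$tmp/passwd" dirsrv
rm -rf "$tmp"
```

The same function works for the `group` line by passing `group` and the local group file. An account reported as `ldap-required` or `ldap-first` depends on the directory being reachable before the service that provides it has started.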



More information about the freebsd-bugs mailing list