Date: Mon, 19 Apr 2004 21:14:45 +0200
From: Francesco Gringoli <francesco.gringoli@ing.unibs.it>
To: freebsd-bugs@freebsd.org
Subject: Conflicts between slapd and nsswitch (SSL not working)
Message-ID: <D183639C-9235-11D8-BF7B-000A95CD8008@ing.unibs.it>

Hi all,

I have noticed this conflict when running slapd as a user other than root and with nsswitch configured to search in ldap (other than files). This is my /etc/nsswitch.conf:

    passwd: files ldap
    group: files ldap

If you try to launch slapd as user root and you have configured it to bind on port 636 for SSL, everything is ok. You can connect to the SSL port and browse your db. But if you try to use a different user for slapd, you can still browse via cleartext on 389 but no longer via SSL on 636.

This does not depend on the ldap db you are using for nsswitch. I tried to use a different slapd already running for the nsswitch part, but the problem was still there.

When you start slapd in debug mode as a user other than root with nsswitch configured to access ldap, you can clearly see that slapd tries to bind to the ldap server specified in /etc/ldap.conf to look up the user specified, even if this user is in /etc/passwd. This is not correct, since you cannot start a service with a user that can be provided via nsswitch by that service!!