Ubuntu Server Guide

LDAP Private Key Access

Bug #1170876 reported by Johnny Patino on 2013-04-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu Server Guide	Fix Released	Undecided	Andreas Hasenack

Bug Description

Network Authentication >> OpenLDAP Server says in a couple of places:
sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
However, what's missing here is that the 'private' directory should also belong to 'ssl-cert'.
sudo chgrp ssl-cert /etc/ssl/private
sudo chmod g+r /etc/ssl/private
Otherwise, secure ldpa will not work because
drwx--x--- 2 root root private
and ss-cert cannot access this directory even if ldap private key is owned by ssl-cert group.

Related branches

lp:~ahasenack/serverguide/ssl-files-access-1170876

Merged into lp:serverguide/trunk at revision 324

Doug Smythies: Approve on 2017-05-10

lp:serverguide/trunk

Gunnar Hjalmarsson (gunnarhj) on 2014-10-26

no longer affects:

ubuntu-docs (Ubuntu)

Andreas Hasenack (ahasenack) on 2017-05-10

Changed in serverguide:
assignee:	nobody → Andreas Hasenack (ahasenack)
status:	New → In Progress

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2017-05-10:

Confimed. If you don't do that, you will get a cryptic error like:

ldap_modify: Other (e.g., implementation specific) error (80)

Doug Smythies (dsmythies) on 2017-05-10

Changed in serverguide:
status:	In Progress → Fix Committed

Doug Smythies (dsmythies) on 2017-06-23

Changed in serverguide:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.