LDAP Private Key Access

Bug #1170876 reported by Johnny Patino
This bug affects 1 person
Affects: Ubuntu Server Guide
Status: Fix Released
Assigned to: Andreas Hasenack

Bug Description

Network Authentication >> OpenLDAP Server says in a couple of places:
sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem
However, what's missing here is that the 'private' directory should also belong to 'ssl-cert'.
sudo chgrp ssl-cert /etc/ssl/private
sudo chmod g+r /etc/ssl/private
Otherwise, secure LDAP will not work because
drwx--x--- 2 root root private
and ssl-cert cannot access this directory even if the LDAP private key is owned by the ssl-cert group.

no longer affects: ubuntu-docs (Ubuntu)
Changed in serverguide:
assignee: nobody → Andreas Hasenack (ahasenack)
status: New → In Progress
Andreas Hasenack (ahasenack) wrote :

Confirmed. If you don't do that, you will get a cryptic error like:

ldap_modify: Other (e.g., implementation specific) error (80)

Changed in serverguide:
status: In Progress → Fix Committed
Changed in serverguide:
status: Fix Committed → Fix Released
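
The failure described in this report, as an added example that is not part of the original bug thread: a shell helper that walks from the key file up to / and reports every component where an account lacks read (on the key) or search (on a directory) permission. The account name `openldap` and its membership in `ssl-cert` are assumptions, and the helper relies on `stat -c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the bug report): find which path component blocks a
# service account from its TLS key. Mode bits only; ACLs and root override ignored.

# class_allows MODE FILE_UID FILE_GID UID "GIDS" BIT   (BIT: 4 = read, 1 = search)
# Like the kernel, pick exactly one class: owner, else group, else other.
class_allows() {
    mode=$1 fuid=$2 fgid=$3 uid=$4 gids=$5 bit=$6
    perms=$(( 0$mode & 0777 ))          # drop setuid/setgid/sticky
    shift_by=0                          # default: "other" bits
    if [ "$uid" -eq "$fuid" ]; then
        shift_by=6
    else
        for g in $gids; do
            if [ "$g" -eq "$fgid" ]; then shift_by=3; fi
        done
    fi
    [ $(( (perms >> shift_by) & bit )) -ne 0 ]
}

# audit_key_path ABSOLUTE_KEYFILE UID "GIDS"
# The key needs read; every parent directory up to / needs search (x).
# Prints each blocking component; returns 1 if any, 2 if stat fails.
audit_key_path() {
    path=$1 want=4 rc=0
    while :; do
        st=$(stat -c '%a %u %g' "$path") || return 2   # GNU/busybox stat
        # $st is split on purpose into MODE FILE_UID FILE_GID
        if ! class_allows $st "$2" "$3" "$want"; then
            echo "BLOCKED at $path (mode uid gid: $st), missing bit $want"
            rc=1
        fi
        case $path in /|.) break ;; esac
        path=$(dirname "$path") want=1
    done
    return "$rc"
}

# Typical call on the server (account name "openldap" is an assumption):
#   audit_key_path /etc/ssl/private/ldap01_slapd_key.pem \
#       "$(id -u openldap)" "$(id -G openldap)"
```

Run it as a user that can itself reach the key (for example via sudo), since `stat` on the key fails when the caller cannot search `/etc/ssl/private`.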