Apparmor prevents locking of /var/tmp/krb5* file for slapd
Bug #1934390 reported by
Sami hulkko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Kerbeross5 with LDAP backed and GSSAPI connectivity fails due the Apparmor profile for slapd that doesn't include possibility to give read and lock rights to slapd process.
Error on kern.log:
Jul 1 20:20:12 auth kernel: [ 875.743303] audit: type=1400 audit(162516001
This kerberos profile is most likely needed for connectivity to open-ldap server due the fact that GSSAPI is used.
A quick fix is to add:
/var/tmp/krb5* rk,
into:
/etc/apparmor.
To post a comment you must log in.