slapd chroot jail problem
Hi
I've installed an ldap server (just apt-get install slapd). I did some changes
to default installation, like
adduser slapd
chown -R slapd.slapd /etc/ldap
chmod 770 /etc/ldap
find /etc/ldap -type f -exec chmod 440 {} \;
find /etc/ldap -type d -exec chmod 770 {} \;
chown -R slapd.slapd /var/lib/ldap
chmod 750 /var/lib/ldap
rm /var/lib/ldap/*
chown -R slapd.slapd /var/spool/slurpd
rm /var/spool/slurpd/*
then I added to "/etc/default/slapd"
SLAPD_USER=slapd
SLAPD_GROUP=slapd
And then I read about the "-r" parameter. I thought "-r" would be a better
approach than the one I was trying. So I added to "/etc/default/slapd"
SLAPD_OPTIONS="-r /home/slapd"
I added this to have slapd chrooted to /home/slapd. But when I did this and
tried to restart slapd, I got the error:
"No passwd entry for user slapd"
"Of course", I thought, "man says 'slapd will chroot to this directory after
opening listeners but before reading any configuration files or initializing
any backends', so slapd has no access to /etc/passwd, and can't see slapd
entry." Then I copied /etc/passwd and /etc/shadow (just in case)
to /home/slapd/etc/passwd, and I got the same error. Then I copied them
to /home/slapd/passwd, and got the same error.
So I thought "I will make slapd start chrooted and afterwards I will search for how to
change user". Then I removed SLAPD_USER and SLAPD_GROUP
from /etc/default/slapd, and tried to start slapd.
Now the error is different:
"error loading ucdata (error -127)"
So I'm sure the chroot makes slapd unable to find these files, but I copied them just
as if "/home/slapd" were "/" and I see no difference :(
So does anyone have some info about this parameter of slapd? Where is it looking
for these files with this config?
I've looked at the admin's guide, the FAQs, and the man pages and I've found
nothing. Can any of you help me, please?
PS: I'm writing down everything I'm doing to get slapd running securely. When I'm
done, I'll send it to you. Help will be appreciated ;)
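As an added example (not part of the original post), a small POSIX shell check for the situation described above: once a daemon has called chroot, every path it opens is resolved underneath the jail root, so a file that exists as /etc/passwd on the host only helps if it also exists as /home/slapd/etc/passwd. The functions below report paths missing under a jail root and flag files whose mode is looser than the 440 scheme used in the post; the jail root, file list and the throwaway directory used in the demo are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies that the paths a daemon
# will open after chroot(2) exist underneath the jail root, and that files in
# the jail follow the restrictive 440 scheme the post applies to /etc/ldap.

# missing_in_jail ROOT PATH... : prints each PATH not present as ROOT/PATH.
# Returns 0 if every path is present, 1 if at least one is missing.
missing_in_jail() {
    root=$1; shift
    rc=0
    for p in "$@"; do
        if [ ! -e "$root$p" ]; then
            echo "missing in jail: $root$p"
            rc=1
        fi
    done
    return $rc
}

# mode_of PATH : prints the octal permission bits of PATH (GNU stat, with a
# BSD/macOS fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# world_readable ROOT : returns 0 if any regular file under ROOT is readable
# by "other", i.e. looser than the 440/750 modes set in the post; else 1.
world_readable() {
    [ -n "$(find "$1" -type f -perm -004 -print 2>/dev/null | head -n 1)" ]
}

# Demonstration on a constructed throwaway jail, not the real /home/slapd.
# The jail gets an etc/passwd but deliberately no etc/group, so the check
# reports the jail as incomplete.
demo() {
    jail=$(mktemp -d)
    mkdir -p "$jail/etc"
    : > "$jail/etc/passwd"
    chmod 440 "$jail/etc/passwd"
    if missing_in_jail "$jail" /etc/passwd /etc/group; then
        echo "jail complete"
    else
        echo "jail incomplete"
    fi
    echo "mode of etc/passwd inside jail: $(mode_of "$jail/etc/passwd")"
    rm -rf "$jail"
}
demo
```

Run it against the real jail by calling missing_in_jail with the jail root and the host paths the daemon's error messages name.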