[Lxc-users] OpenLdap in an LXC container

David Touzeau david at touzeau.eu
Wed May 4 20:50:45 UTC 2011


Dear 

I have created a Fedora container on an Ubuntu host.
I have installed OpenLDAP inside the container, but OpenLDAP does not want to
start because of permission issues.
*******************************************************************
[root at fedora ~]# /usr/sbin/slapd -d 16383

@(#) $OpenLDAP: slapd 2.4.23 (Nov 23 2010 17:29:50) $

mockbuild at x86-07.phx2.fedoraproject.org:/builddir/build/BUILD/openldap-2.4.23/openldap-2.4.23/build-servers/servers/slapd
ldap_pvt_gethostbyname_a: host=fedora.ak8.touzeau.com, r=0
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
ldap_create
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Berkeley DB 4.8.30: (July  8, 2010)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Berkeley DB 4.8.30: (July  8, 2010)
null_back_initialize: initialize null backend
reading config file /etc/openldap/slapd.conf
line 1 (pidfile         /var/run/slapd/slapd.pid)
line 4 (include         /etc/openldap/schema/core.schema)

could not open config file "/etc/openldap/schema/core.schema":
Permission denied (13)

/etc/openldap/slapd.conf: line 4: <include> handler exited with 1!
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

*******************************************************************

This is strange because /etc/openldap/schema/core.schema has mode 755
and the OpenLDAP server is running as root inside the container.

Does anybody know if there is a tip or trick to make it run inside an
LXC container?

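Here is the strace output. Note that stat64() on core.schema succeeds and
reports mode 0777, while the open() that follows fails with EACCES, so the
file's mode bits alone do not explain the denial; this may point to an access
control layer other than the file mode, such as a mandatory access control
policy: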
*******************************************************************
mmap2(NULL, 17632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 10,
0) = 0xb74cc000
mmap2(0xb74d0000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|
MAP_DENYWRITE, 10, 0x3) = 0xb74d0000
close(10)                               = 0
getdents(9, /* 0 entries */, 32768)     = 0
close(9)                                = 0
brk(0)                                  = 0xb97a5000
brk(0xb97c6000)                         = 0xb97c6000
stat64("/etc/openldap/slapd.d", 0xbfcd471c) = -1 ENOENT (No such file or
directory)
stat64("/etc/openldap/slapd.conf", {st_mode=S_IFREG|0777,
st_size=2403, ...}) = 0
open("/etc/openldap/slapd.conf", O_RDONLY) = 9
fstat64(9, {st_mode=S_IFREG|0777, st_size=2403, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb6ec0000
read(9, "pidfile         /var/run/slapd/s"..., 4096) = 2403
stat64("/etc/openldap/schema/core.schema", {st_mode=S_IFREG|0777,
st_size=20346, ...}) = 0
open("/etc/openldap/schema/core.schema", O_RDONLY) = -1 EACCES
(Permission denied)
time(NULL)                              = 1304542124
send(3, "<167>May  4 16:48:44 slapd[2112]"..., 120, MSG_NOSIGNAL) = 120
close(9)                                = 0
munmap(0xb6ec0000, 4096)                = 0
time(NULL)                              = 1304542124
send(3, "<167>May  4 16:48:44 slapd[2112]"..., 75, MSG_NOSIGNAL) = 75
munmap(0xb74cc000, 17632)               = 0
munmap(0xb6ec1000, 23508)               = 0
time(NULL)                              = 1304542124
send(3, "<167>May  4 16:48:44 slapd[2112]"..., 49, MSG_NOSIGNAL) = 49
close(3)                                = 0
time(NULL)                              = 1304542124
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(3, "<167>May  4 16:48:44 slapd[2112]"..., 75, MSG_NOSIGNAL) = 75
shutdown(5, SHUT_RDWR)                  = -1 ENOTSOCK (Socket operation
on non-socket)
close(5)                                = 0
shutdown(4, SHUT_RDWR)                  = -1 ENOTSOCK (Socket operation
on non-socket)
close(4)                                = 0
close(6)                                = 0
exit_group(1)                           = ?
*******************************************************************








