[Pkg-openldap-devel] openldap test000-rootdse failed due to overstrict /etc/hosts.deny
Kalle Olavi Niemitalo
kon at iki.fi
Mon Feb 23 01:04:08 UTC 2009
My first attempt to build openldap 2.4.11-1 failed because
openldap-2.4.11/tests/scripts/test000-rootdse was unable to
contact the slapd it had started. I just got "Waiting 5 seconds
for slapd to start..." repeatedly until it gave up.
The reason was "ALL: ALL" in my /etc/hosts.deny. I had
exceptions for a few services at 127.0.0.1 in /etc/hosts.allow
but not for slapd. After I added slapd there, test000-rootdse
passed fine. I then restarted the build from the beginning.
I am not using a chroot.
I wonder if the test suite could somehow avoid failure in this
situation. Probably not. There could in principle be some
environment variable or command-line option to make slapd ignore
the tcp-wrappers configuration files, but if the test suite used
such a thing automatically, it would be disobeying the
administrator's security settings.
After the test had failed for the first time, I browsed the
scripts a bit, restarted the test, and tried connecting to the
slapd with telnet. It accepted the connection but then closed it
right away. From this, it was pretty easy to guess libwrap was
blocking the service, even though there were no hints in syslog.
So the problem is probably not even worth documenting in the
test. Anyway, the build error was somewhat surprising, so I
wanted to tell someone about it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20090223/b390b5e1/attachment-0001.pgp>
More information about the Pkg-openldap-devel
mailing list