I started to see this error in the Web Admin console when trying to access any of the Domain menu options.
The error was reported in /var/log/zental/zental.log as
Ldap.pm:219 EBox::Ldap::safeConnect - FATAL: Could not connect to samba LDAP server: connect: Permission denied at FATAL: Could not connect to samba LDAP server: connect: Permission denied at /usr/share/perl5/EBox/Ldap.pm line 219
After a great deal of debugging, I found this solution.
- Zentyal makes its LDAP connection through a pipe at /var/lib/samba/private/ldapi_priv/ldapi
- The modules run as user ebox
- ldapi_priv is group "ebox"
- ldapi_priv/ldapi is a pipe, so read/writeable by all
- /var/lib/samba has permissions allowing any user to access
- in my situation, /var/lib/samba/private was owned root:root and only accessible by root
- therefore it seemed that user ebox could not access the ldapi pipe (defined in /usr/share/perl5/EBox/Ldap.pm)
I changed the permissions of the private folder
sudo chgrp ebox private
sudo chown g=rwx private
That fixed my problem