[BUG / FIX] Carbonio CE 2026 Ubuntu 22.04 Install Fails: slapd Permission Denied (Missing setcap)

Environment:

• OS: Ubuntu 22.04.5 LTS (Fresh Install)

• Storage: Dedicated ZFS dataset mounted at /opt/zextras

• Version: Carbonio CE (Current 2026 Repository Build as of 3/22/26)

• Component: carbonio-directory-server / OpenLDAP

The Issue:

During a fresh installation, carbonio-bootstrap fails at the "Initializing ldap..." phase with the error Starting openldap...failed.

Running the LDAP daemon manually in debug mode via: sudo
su - zextras -c "/opt/zextras/common/libexec/slapd -d 1" Reveals the daemon is crashing immediately with: daemon:
bind(7) failed errno=13 (Permission denied)

The Root Cause:

The unprivileged zextras user is attempting to bind OpenLDAP to port 389 (a privileged port < 1024). In recent builds, the slapd binary was moved to /opt/zextras/common/libexec/slapd. The .deb package's post-installation script fails to grant the required cap_net_bind_service capability to the binary at this new path.

Running the legacy zmfixperms script does not resolve this, as it only fixes standard POSIX file permissions, not kernel capabilities.

Steps to Reproduce:

1. Mount a dedicated drive/dataset to /opt/zextras and chown 999:999.

2. Install the package via apt install
carbonio-ce.

3. Run carbonio-bootstrap.

4. The bootstrap crashes during LDAP initialization because the daemon is killed by the kernel when attempting to bind to port 389.

The Fix / Workaround:

Before running carbonio-bootstrap, manually grant the required network capability to the new binary path:

Bash

sudo setcap 'cap_net_bind_service=+ep' /opt/zextras/common/libexec/slapd

Once applied, carbonio-bootstrap finishes flawlessly.

Recommendation for Zextras: Please update the post-install hooks in the carbonio-directory-server Debian package to ensure setcap is successfully applied to /opt/zextras/common/libexec/slapd, regardless of underlying storage mounts.