In the book, /var/lib/openldap is created with mode 700 and owner root:ldap.
This implies that the ldap user cannot access it. But it is the place where slapd writes user databases, and slapd runs as user ldap. Actually, I have always observed that openldap fails at boot, but since until today I did not want to use it, I didn't care.

Changing the mode of /var/lib/openldap to 770 allows starting the daemon at boot. But I prefer asking the list first whether this is a sensible fix. I am not very good with security issues...

Pierre
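Added example, not part of the original post or of the BLFS book: a shell check of which permission class (owner, group or other) applies to a service account on a directory, run on the two modes discussed above. The function names are hypothetical, and it assumes the ldap user's only group is ldap; `audit_dir` relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example. Ignores root's DAC override and POSIX ACLs.

# access_class MODE OWNER GROUP USER "USER_GROUPS"
# Prints the permission class that applies to USER and the bits it grants.
access_class() {
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5
    # Keep the low three octal digits (drop setuid/setgid/sticky).
    perms=$(printf '%03o' $(( 0$mode & 0777 )))
    if [ "$user" = "$owner" ]; then
        # The owner class wins even if the group bits would grant more.
        class=owner digit=${perms%??}
    else
        class=other digit=${perms#??}
        for g in $ugroups; do
            if [ "$g" = "$group" ]; then
                class=group digit=${perms#?}
                digit=${digit%?}
                break
            fi
        done
    fi
    case $digit in
        0) bits=--- ;; 1) bits=--x ;; 2) bits=-w- ;; 3) bits=-wx ;;
        4) bits=r-- ;; 5) bits=r-x ;; 6) bits=rw- ;; 7) bits=rwx ;;
    esac
    echo "$class $bits"
}

# audit_dir PATH USER: same check against a real directory and account.
audit_dir() {
    st=$(stat -c '%a %U %G' "$1") || return 1
    set -- "$2" $st    # now: user mode owner group
    access_class "$2" "$3" "$4" "$1" "$(id -Gn "$1")"
}

# Constructed inputs matching the post: directory owned root:ldap,
# daemon user ldap assumed to be a member of group ldap only.
echo "mode 700: $(access_class 700 root ldap ldap ldap)"
echo "mode 770: $(access_class 770 root ldap ldap ldap)"
```

On an installed system, `audit_dir /var/lib/openldap ldap` runs the same check against the live directory.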
