On 10/04/2014 10:57 PM, Pierre Labastie wrote: > In the book, /var/lib/openldap is created with mode 700 and owner root:ldap. > > This implies that the ldap user cannot access it. But it is the place where > slapd writes user databases, and slapd runs as user ldap. > > Actually, I have always observed that openldap fails at boot, but since until > today I did not want to use it, I didn't care. > > Changing the mode of /var/lib/openldap to 770 allows starting the daemon at > boot. But I prefer asking first to the list whether this is a sensible fix. I > am not very good with security issues... > > Pierre >
It should be owned by ldap:ldap, not root:ldap. -- Note: My last name is not Krejzi.
signature.asc
Description: OpenPGP digital signature
-- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
