Pierre Labastie wrote:
> In the book, /var/lib/openldap is created with mode 700 and owner root:ldap.
> This implies that the ldap user cannot access it. But it is the place where
> slapd writes user databases, and slapd runs as user ldap.
> Actually, I have always observed that openldap fails at boot, but since until
> today I did not want to use it, I didn't care.
> Changing the mode of /var/lib/openldap to 770 allows starting the daemon at
> boot. But I prefer asking the list first whether this is a sensible fix. I
> am not very good with security issues...
In the patch we apply:
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-directory LOCALSTATEDIR/openldap\-data
+directory LOCALSTATEDIR/lib/openldap
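Review bot: the retained comment "Mode 0700 recommended" only holds when the directory's owner is the account slapd runs as; with 0700 the owner class is the only one consulted, so an ldap group membership grants nothing, and a root:ldap owner leaves slapd (running as ldap) unable to open the directory the patch now points at. If the book keeps chown root:ldap, either the mode must open the group bits (0770) or the comment is misleading; if the owner becomes ldap:ldap, 0700 is consistent with the comment. Whichever is chosen, the chown and chmod in the book should be kept in step with this comment.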
So perhaps our chown -v -R root:ldap /var/lib/openldap command should be
changed to ldap:ldap.
-- Bruce
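To make the permission question concrete, here is an added example (not code from the post, from BLFS or from OpenLDAP) that applies the POSIX directory-permission rule to the three layouts under discussion: root:ldap 0700 as the book installs it, root:ldap 0770 as in Pierre's workaround, and ldap:ldap 0700 as Bruce suggests. The uid/gid values and the extra "backup" account are constructed assumptions used only to show who else a group-writable mode lets in.

```python
import os
import stat

# Constructed account table: ids and the hypothetical "backup" member of
# group ldap are assumptions for this example, not values from the post.
ROOT_UID, ROOT_GID = 0, 0
LDAP_UID, LDAP_GID = 439, 439
BACKUP_UID, BACKUP_GID = 440, 440
ACCOUNTS = {
    "root": (ROOT_UID, {ROOT_GID}),
    "ldap": (LDAP_UID, {LDAP_GID}),
    "backup": (BACKUP_UID, {BACKUP_GID, LDAP_GID}),  # in group ldap, not the ldap user
}

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def dir_access(mode, owner_uid, owner_gid, uid, groups, want="rwx"):
    """Return True if a process running as `uid` with group set `groups`
    gets every permission in `want` on a directory with permission bits
    `mode` owned by owner_uid:owner_gid.

    POSIX consults exactly one class: owner bits if uid is the owner (even
    when the group bits are more permissive), else group bits if any of the
    process's groups is the directory's group, else the 'other' bits.
    root (uid 0) bypasses the check entirely on a directory.
    """
    if uid == 0:
        return True
    if uid == owner_uid:
        shift = 6
    elif owner_gid in groups:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    need = 0
    for perm in want:
        need |= PERM_BITS[perm]
    return bits & need == need


def slapd_can_use(mode, owner_uid, owner_gid):
    """slapd needs to search (x), list (r) and create files (w) in its
    database directory, so all three bits must be granted to the ldap user."""
    return dir_access(mode, owner_uid, owner_gid, LDAP_UID, {LDAP_GID}, "rwx")


def who_can_access(mode, owner_uid, owner_gid, accounts=ACCOUNTS):
    """Sorted names of the constructed accounts that get full access; this
    is the least-privilege view of each candidate layout."""
    return sorted(
        name for name, (uid, groups) in accounts.items()
        if dir_access(mode, owner_uid, owner_gid, uid, groups, "rwx")
    )


def check_real_dir(path, uid, groups, want="rwx"):
    """Apply the same rule to an existing directory, e.g. /var/lib/openldap."""
    st = os.stat(path)
    return dir_access(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, groups, want)


def summarize():
    """Evaluate the three layouts from the thread for the slapd (ldap) user."""
    layouts = {
        "root:ldap 0700 (book)": (0o700, ROOT_UID, LDAP_GID),
        "root:ldap 0770 (workaround)": (0o770, ROOT_UID, LDAP_GID),
        "ldap:ldap 0700 (suggestion)": (0o700, LDAP_UID, LDAP_GID),
    }
    return {
        name: (slapd_can_use(*args), who_can_access(*args))
        for name, args in layouts.items()
    }


if __name__ == "__main__":
    for name, (ok, everyone) in summarize().items():
        print(f"{name}: slapd starts={ok}, full access for {everyone}")
```

Both fixes let slapd start, but ldap:ldap with 0700 grants access to the ldap user alone, whereas root:ldap with 0770 extends write access to every member of group ldap; that difference is why the ownership change is the tighter of the two.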
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page