On 04-10-2014 18:28, Bruce Dubbs wrote:
Pierre Labastie wrote:
In the book, /var/lib/openldap is created with mode 700 and owner root:ldap.
This implies that the ldap user cannot access it. But it is the place where
slapd writes user databases, and slapd runs as user ldap.
Actually, I have always observed that openldap fails at boot, but since until
today I did not want to use it, I didn't care.
It starts fine here.
Changing the mode of /var/lib/openldap to 770 allows starting the daemon at boot.
In the patch we apply:
# The database directory MUST exist prior to
# running slapd AND should only be accessible
# by the slapd/tools. Mode 0700 recommended.
-directory LOCALSTATEDIR/openldap\-data
+directory LOCALSTATEDIR/lib/openldap
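Review bot: the comment kept above `+directory LOCALSTATEDIR/lib/openldap` ("should only be accessible by the slapd/tools. Mode 0700 recommended") only holds if the directory is owned by the account slapd runs under; combined with the book's `chown -v -R root:ldap /var/lib/openldap` and mode 700, the ldap user gets no access at all and slapd cannot write its database there. Pair the path change with `chown -v -R ldap:ldap /var/lib/openldap` (the ownership shown in the working setup later in the thread) rather than widening the mode to 770, since that keeps the 0700 the comment recommends.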
So perhaps our chown -v -R root:ldap /var/lib/openldap command should be
changed to ldap:ldap.
I think this can be done without problem.
I don't have any of the problems:
$ ls -ld /var/lib/openldap/
drwx------ 2 ldap ldap 4096 Out 4 14:22 /var/lib/openldap/
$ pgrep -l slapd
4605 slapd
$ sudo /etc/rc.d/init.d/slapd restart
* Stopping OpenLDAP
[ OK ]
* Starting OpenLDAP
[ OK ]
Funny that in my script I do install as root:ldap, so no idea if during the
configuration it might have changed it? Don't know.
$ grep chown openldap-2.4.40.sh
chown -v -R ldap:ldap /var/lib/openldap &&
chown -v root:ldap /etc/openldap/{slapd.{conf,ldif},DB_CONFIG.example} &&
$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#
#
dn:
namingContexts: dc=my-domain,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--
[]s,
Fernando
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
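An added example, not code from this thread, from BLFS or from OpenLDAP: a POSIX sh check that applies the owner/group/other rule to a directory's owner, group and octal mode, so the three states discussed above (root:ldap 700, root:ldap 770, ldap:ldap 700) can be judged for the user slapd runs as before the daemon is started. `dir_access_ok` and `dir_access_for_user` are names chosen here; the wrapper assumes GNU (or BusyBox) `stat -c`, and the ldap user's group list is assumed to be just "ldap".

```sh
#!/bin/sh
# Added example for the thread above; not BLFS or OpenLDAP code.
# dir_access_ok OWNER GROUP MODE USER [GROUP...]
#   Applies the Unix discretionary-access rule to a directory's metadata:
#   root always passes; the owner is judged by the user bits only (even
#   when also a member of the group); otherwise the group bits apply if
#   USER is in GROUP, else the "other" bits. Returns 0 when USER gets
#   r, w and x (digit 7), which slapd needs to create and update its
#   database files; 1 when it does not; 2 on a malformed mode.
#   Plain POSIX sh, so no "local": the variables below are global.
dir_access_ok() {
    owner=$1 group=$2 mode=$3 user=$4
    shift 4
    [ "$user" = root ] && return 0
    # keep only the last three octal digits, so 700, 0700 and 2770 all work
    mode=${mode#"${mode%???}"}
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) return 2 ;;
    esac
    u=${mode%??}              # owner digit
    g=${mode#?}; g=${g%?}     # group digit
    o=${mode#??}              # other digit
    if [ "$user" = "$owner" ]; then
        bits=$u
    else
        bits=$o
        for grp in "$@"; do
            if [ "$grp" = "$group" ]; then bits=$g; break; fi
        done
    fi
    [ "$bits" -eq 7 ]
}

# dir_access_for_user DIR USER: read the live metadata with stat -c (a
# GNU/BusyBox extension, assumed here) and the user's groups with id, then
# apply the rule above. Returns 2 if DIR cannot be stat'ed; an unknown USER
# simply gets an empty group list.
dir_access_for_user() {
    dir=$1 user=$2
    meta=$(stat -c '%U %G %a' "$dir") || return 2
    set -- $meta
    dir_access_ok "$1" "$2" "$3" "$user" $(id -Gn "$user" 2>/dev/null)
}

# The three states discussed in the thread, judged for user ldap whose only
# group is assumed to be ldap.
for scenario in "root ldap 700" "root ldap 770" "ldap ldap 700"; do
    set -- $scenario
    if dir_access_ok "$1" "$2" "$3" ldap ldap; then
        printf '%-5s %-5s %s  -> ldap can use it\n' "$1" "$2" "$3"
    else
        printf '%-5s %-5s %s  -> ldap is locked out\n' "$1" "$2" "$3"
    fi
done
```

Run it as-is to see the three verdicts, or call `dir_access_for_user /var/lib/openldap ldap` on a real system before starting slapd; a non-zero exit there is the boot failure Pierre describes, caught without having to read the daemon's log.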