Florin wrote:
> [EMAIL PROTECTED] (Buchan Milne) writes:
>
>
>>We have just started playing with LDAP replication, and I noticed that
>>our LDAP server (8.2) is running all the slurpd's as root.
>>
>>slapd seems to drop root permissions after opening the ports, so it's ok
>>to start it as root, but slurpd doesn't do this (since it doesn't
>>listen, it acts as an ldap client), so it should be started as user ldap
>>(or similar user with read access to the replication logs slapd generates).
>>
>>I haven't tested on cooker, but the init script on cooker does the same
>>as on 8.2.
>
>
> Hi there,
>
> I'm the new openldap maintainer and I will have a look and then come back
> with some fixes/answers.
>
I have a modified version of the ldap init script which runs slurpd as
user ldap. I would have sent a patch, but I get this:
[bgmilne@bgmilne bgmilne]$ diff -u /tmp/ldap.init.orig /tmp/ldap.init
Files /tmp/ldap.init.orig and /tmp/ldap.init differ
[bgmilne@bgmilne bgmilne]$
Weird.
Anyway, I commented out the old:
# daemon ${slurpd}
and have now:
daemon su ldap -c \"${slurpd}\" -s /bin/sh
Only problem is that previous installations will have root ownership of
/var/lib/ldap/replica, and slurpd will not be able to write there unless
the perms are changed.
I am running this successfully now with one master and two slaves on
different machines.
Regards,
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
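
The ownership problem mentioned in the message above (a replica directory left owned by root by an earlier install, which slurpd running as user ldap cannot write to) can be caught before the daemon is started. The following is an added example, not part of the original message or of the packaged init script; the function name and return codes are assumptions, while the path /var/lib/ldap/replica and the user ldap are taken from the message.

```shell
#!/bin/sh
# Added example, not from the original init script.
# replica_dir_ready DIR USER
#   0  everything under DIR is owned by USER (name or numeric uid)
#   1  at least one entry has a different owner (e.g. root from an old install)
#   2  DIR does not exist
#   3  ownership could not be checked (unknown user, unreadable subtree)
replica_dir_ready() {
    dir=$1
    user=$2

    if [ ! -d "$dir" ]; then
        echo "replica dir missing: $dir" >&2
        return 2
    fi

    # List every entry (the directory itself included) not owned by USER.
    # A failing find means the answer is unknown, so do not report success.
    if ! bad=$(find "$dir" ! -user "$user" -print); then
        echo "could not check ownership under $dir for user $user" >&2
        return 3
    fi

    if [ -n "$bad" ]; then
        echo "not owned by $user, slurpd would be unable to write here:" >&2
        echo "$bad" | head -n 5 >&2
        echo "fix as root: chown -R $user $dir" >&2
        return 1
    fi
    return 0
}

# Intended use in the init script, before the 'daemon su ldap ...' line:
#   replica_dir_ready /var/lib/ldap/replica ldap || exit 1
```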