> > > On Friday 21 September 2007 06:07:47 Howard Chu wrote:
> > >> Use slaptest instead.
> > > except that slaptest doesn't have a "run as another user" flag, and -u is
> > > already taken :-(.

I was just working with converting a conf file to a config backend and swear I saw a specific note somewhere to use slaptest (and I knew to use slaptest). Now poking around a bit I can't find it.

> > Nor do the tools need such an option; you can just use su. The reason slapd
> > can't be started with just "su ldap" is because it may need root privs to
> > open the listener sockets. That's the only reason it has -u/-g options.
> Sure, and I use su in our init script when testing the configuration. But,
> some other distros don't, and don't use -u, and end up creating transaction
> log files as root, preventing startup later.

I don't perceive this as an OpenLDAP problem; it is more of a "bad distribution! bad!" kind of issue.

> I am not aware of any
> recommendation of using su for slaptest (though it is quite obvious to many,
> it may be worth mentioning explicitly). And, it should certainly be mentioned
> in any documentation covering converting to back-config.

Nah, it is simply obvious/standard practice. Configuring services as a user or root and then setting permissions as the last step is just how things are done.

> > > At present, it seems that if you want to do the conversion while slapd is
> > > running, and for a slapd that runs as non-root, something like this is
> > > the best option:
> > > # slapd -u ldap -g ldap -d none -h
> > > ldap://localhost:391/ -f /etc/openldap/slapd.conf -F
> > > /etc/openldap/slapd.d
> > > As then
> > > -The configuration will be converted
> > > -slapd won't start up
> > What makes you say that?
> It will fail to open the database already opened by the running slapd.

I'm confused by all of this; who is going to be converting their configuration (which one assumes would also include testing the resulting configuration) while slapd is hot?

> > > -you will see any relevant errors
> > > -all the files will be owned by the ldap user/group
> > > -if it succeeds, a restart of slapd is all that is necessary to continue
> > That seems like far more trouble than just using su...
> It's about the same amount of typing:

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap.ldap /etc/openldap/slapd.d

-- 
Consonance: an Open Source .NET OpenGroupware client.
http://code.google.com/p/consonance/ - Searching for a bored Cairo# hacker.
Contact:[EMAIL PROTECTED] http://www.opengroupware.org
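
Added example, not part of the original message or of OpenLDAP: a shell sketch of the slaptest-then-chown conversion discussed above, followed by a check that nothing in slapd.d is left owned by root or world-writable before slapd is restarted. The function names are hypothetical; the ldap account and the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: account ldap:ldap and the
# paths quoted in the thread; both function names are hypothetical.

# List every path under DIR that is not owned by USER:GROUP or is
# world-writable. Returns 0 if the tree is clean, 1 if it is not, and 2 if
# DIR is missing or find itself fails (for example, unknown account name).
audit_slapd_tree() {
    a_dir=$1 a_user=$2 a_group=$3
    [ -d "$a_dir" ] || { echo "not a directory: $a_dir" >&2; return 2; }
    a_bad=$(find "$a_dir" \( ! -user "$a_user" -o ! -group "$a_group" \
            -o \( ! -type l -perm -0002 \) \) -print) ||
        { echo "find failed; does $a_user:$a_group exist?" >&2; return 2; }
    [ -z "$a_bad" ] && return 0
    printf '%s\n' "$a_bad"
    return 1
}

# Convert slapd.conf to slapd.d (run as root), hand the tree to the service
# account, and report success only if the audit comes back clean.
convert_and_audit() {
    c_conf=$1 c_dir=$2 c_user=$3 c_group=$4
    slaptest -f "$c_conf" -F "$c_dir" || return 3
    chown -R "$c_user:$c_group" "$c_dir" || return 3
    audit_slapd_tree "$c_dir" "$c_user" "$c_group"
}

# Usage:
#   convert_and_audit /etc/openldap/slapd.conf /etc/openldap/slapd.d ldap ldap
```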
