[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Permissions, users, startup when install from source

To: Ori Bani <oribani@gmail.com>, openldap-technical@openldap.org
Subject: Re: Permissions, users, startup when install from source
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 15 Jan 2013 13:54:37 -0800
Content-disposition: inline
In-reply-to: <CALBCx2dpba+PKTb4z-EvXRJmT39FChMz+D+8hT1q2nxz7Pg5Og@mail.gmail.com>
References: <CALBCx2dpba+PKTb4z-EvXRJmT39FChMz+D+8hT1q2nxz7Pg5Og@mail.gmail.com>

--On Tuesday, January 15, 2013 1:32 PM -0800 Ori Bani <oribani@gmail.com>wrote:

Hi,

If compiling and installing from source, I don't see any information
in the manual about how to auto-start the software and about
process/file/directory permissions and ownership. I'm still searching
the Faq-O-Matic (which is a little frustrating).


Read the slapd man page for the options required to start slapd:

<http://www.openldap.org/software/man.cgi?query=slapd&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html>

As for "auto-starting", that is generally OS specific. Your OS vendorshould be able to provide you with documentation on how to write scripts toauto start software on your given platform of choice. That does not seemto be within the scope of OpenLDAP.

Taking a step back, I'd love to install from yum on RHEL/CentOS and
let it be taken care of in a trusted manner. But we require better
password hashing than SHA1, so we are required to compile by hand
using the passwd/sha2 contributed module (little surprised this isn't
accepted into the core project, but I'm sure there are reasons).
Maybe I can find this in a third-party repo somewhere?

Not sure what you mean. the SHA2 contrib module is shipped with everyOpenLDAP release. Thus, as best I can tell, it is indeed included. It isup to the end administrator to determine what features they do or do notwish to include in their build. If you are using an OS provided build, andthey are missing things you think are desirable, then that is aconversation to have with your OS vendor.

If you are using RHEL or CentOS, you may be interested in<http://ltb-project.org/wiki/download#openldap>

After installation, what is commonly done in this regard?  Create
user/group "ldap" with no login shell and chown ldap:ldap on
/usr/local/var/openldap-data?  Is that all?

It depends on your needs. I have done anything from running slapd as root,to running it as a specific user.

Then what do people use for auto-starting the software (presumably
with -u ldap -g ldap) in a RedHat environment?

I wrote my own startup script that works with chkconfig.<http://linuxcommand.org/man_pages/chkconfig8.html>


--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Permissions, users, startup when install from source
  - From: Ori Bani <oribani@gmail.com>

Prev by Date: Permissions, users, startup when install from source
Next by Date: Re: Permissions, users, startup when install from source
Index(es):
- Chronological
- Thread