[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: patch: bind address config, non-root user/group (ITS#534)

Please see:


In short, OpenLDAP 1.2 is feature frozen.  As your patch
is viewed as adding new features and hence will not be
applied.  It will, however, remain in our Issue Tracking
System so that other users may apply it if they so choose.

We do appreciate your submission and encourage you to involve
yourself in OpenLDAP development.  Please note we have a
mailing list established for discussing development issues.
You are welcomed to participate.


At 12:50 AM 5/15/00 GMT, kos@bastard.net wrote:
>Full_Name: Kostas Evangelinos
>Version: 1.2.9
>OS: solaris, linux
>URL: ftp://ftp.openldap.org/incoming/kostas-evangelinos-20000514.patch
>Submission from: (NULL) (
>The current (as of May 2000) stable release, 1.2.9, does not support changing
>the effective user id of the running slapd process. Since users like me might
>like to have slapd start up bound to 389 and switch to a non-root user, this 
>patch might be useful.
>Also, all of my applications using LDAP don't need the LDAP port bound to 
>anything other than localhost. To control the ip address slapd will bind to,
>this patch facilitates a new config file option.
>To summarize, the following options are added in slapd.conf:
>. uid, gid: Real and effective uid of slapd after startup
>. bind_port: Port to bind to. The command line option overrides this. If none
>  specified, it will use LDAP_PORT (389).
>. bind_address: The IP address to bind() to.
>I'm aware 1.2.10 is out, but I chose 1.2.9 since it is flagged as stable.
>Be warned that after applying this patch you will need to chown your database
>files as they will have to be readable by the user you choose to run slapd as.