
(ITS#8786) Allow OpenLDAP to start as non-root



Full_Name: Akram Ben Aissi
Version: 1.1.10
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (77.154.204.242)


Hi,

We want to run OpenLDAP in containers without root privileges or a root user ID.
Actually, we start it with user uid=100000009, gid=0.
And we do a proper chgrp 0 and chmod 0770 on the required directories.

Because of this: https://github.com/winlibs/openldap/blob/master/servers/slapd/user.c#L158

we have that:
Could not set real user id to 100000009

It would be better to check that setuid is required only if the requested user is
different from the actual user.

Does it make sense?
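
Added example, not part of the original submission and not OpenLDAP's own code: a C sketch of the check proposed above, where setgid()/setuid() are called only when the process is not already running with the requested ids. The helper name `drop_to` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not OpenLDAP's code): switch to want_uid/want_gid,
 * skipping each syscall when the process already runs with that id. */
int drop_to(uid_t want_uid, gid_t want_gid)
{
    /* Group first: once the uid is dropped, setgid() is no longer permitted. */
    if (getgid() != want_gid || getegid() != want_gid) {
        if (setgid(want_gid) != 0) {
            perror("setgid");
            return -1;
        }
    }
    /* Only call setuid() when real or effective uid differs from the request. */
    if (getuid() != want_uid || geteuid() != want_uid) {
        if (setuid(want_uid) != 0) {
            perror("setuid");
            return -1;
        }
    }
    /* Post-condition: never continue with ids other than the requested ones. */
    if (getuid() != want_uid || geteuid() != want_uid ||
        getgid() != want_gid || getegid() != want_gid) {
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed scenario: the "requested" ids equal the current ones,
     * as in a container started directly as uid=100000009, gid=0. */
    if (drop_to(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not switch ids\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Supplementary groups are left as inherited in this sketch; a full privilege drop from root would also reset them before changing the uid.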