[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8786) Allow OpenLDAP to start as non-root

akram.benaissi@gmail.com wrote:
> Full_Name: Akram Ben Aissi
> Version: 1.1.10
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Hi,
> We want to run OpenLDAP in containers without root privilege, nor root user id.
> Actually, we start it with user uid=100000009, gid=0
> And we do proper chgrp 0 and chmod 0770 on require directories.
> Because of this: https://github.com/winlibs/openldap/blob/master/servers/slapd/user.c#L158
> we have that:
> Could not set real user id to 100000009
> It would be better to check that setuid is required only if asked user is
> different from actual user.
> Does it make sense ?

No. Just start slapd without specifying a userID.

Closing this ITS.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/