
RE: About ldapi://



Note: On most systems the permissions on the socket node are irrelevant. Anyone
can connect. If you really want access control here, you need to restrict the
permissions on the directory that contains the socket.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Pierangelo
> Masarati
> Sent: Monday, January 28, 2002 5:45 AM
> To: openldap-devel@OpenLDAP.org
> Subject: About ldapi://
>
>
> I was trying to configure ldapi:// by heart and, after a few failures,
> I looked at the code and reviewed some old threads on the subject.
> I noted:
>
> 1) paths must be URL encoded (e.g. /tmp/mysock => ldapi://%2Ftmp%2Fmysock)
> I'll note it somewhere
> 2) there's no clean way to change the permissions on the socket
> (at least as far as I can tell).
>
> I understand a URL should be written in URL syntax, but since
> everything that follows the URL scheme is a file name we could
> be a little forgiving.
>
> We could try to use one of the extra fields (e.g. the "attrs")
> to set the permissions, e.g.  ldapi:///tmp/mysock?770
>
> Is the above correct?  Any comments/ideas on how to overcome (2)?
>
> Ando
>
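
The two points in this thread, percent-encoding the socket path into an ldapi:// URL and restricting access through the directory that holds the socket, as an added example that is not part of the original messages or of OpenLDAP's code. The function names and the `run/ldapi` path are hypothetical, and the check looks only at the immediate parent directory's mode bits.

```python
import os
import stat
import tempfile
from urllib.parse import quote, unquote

SCHEME = "ldapi://"

def ldapi_url(sock_path):
    """Build an ldapi:// URL; every '/' in the path becomes %2F."""
    return SCHEME + quote(os.path.abspath(sock_path), safe="")

def ldapi_path(url):
    """Recover the filesystem path from a percent-encoded ldapi:// URL."""
    if not url.lower().startswith(SCHEME):
        raise ValueError("not an ldapi URL: %r" % url)
    return unquote(url[len(SCHEME):])

def audit_socket_dir(sock_path):
    """Return findings about the directory that contains the socket.

    Reaching the socket requires search (x) permission on that directory,
    so the directory mode is what is checked, not the socket node's mode.
    """
    parent = os.path.dirname(os.path.abspath(sock_path))
    mode = os.stat(parent).st_mode
    findings = []
    if mode & stat.S_IXOTH:
        findings.append("searchable by other: any local user can reach the socket")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("writable by other without sticky bit: socket entry can be replaced")
    return findings

if __name__ == "__main__":
    base = tempfile.mkdtemp()              # constructed sandbox directory
    run = os.path.join(base, "run")        # hypothetical socket directory
    os.mkdir(run)
    sock = os.path.join(run, "ldapi")      # hypothetical socket name
    for dir_mode in (0o755, 0o750):
        os.chmod(run, dir_mode)            # explicit chmod, independent of umask
        print(oct(dir_mode), ldapi_url(sock))
        for finding in audit_socket_dir(sock) or ["restricted to owner and group"]:
            print("   ", finding)
```
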