[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Control development and cn=config

Kurt D. Zeilenga writes:
> Anyways, it would be interesting to pursue a slapd.conf(5)-less
> slapd(8).   Initially the server would start up without no
> configuration, listening only on ldapi:// and running with
> access controls allowing only the owner of slapd(8) process
> to read/write to the directory (use ldapi:// SASL/EXTERNAL for
> authentication).

I think this requires quite a reorganization: You must start the config
backend before the '-u' option is processed, otherwise Unix slapd can't
open other sockets < 1024.  OTOH, I do hope you still start the other
backeds _after_ '-u' is processed.