[Date Prev][Date Next]
Re: Open LDAP installation on Solaris 2.6 (SPARC)
On Sun, 18 Apr 1999, David J N Begley wrote:
> On Sat, 17 Apr 1999, Wyman Eric Miles wrote:
> > GDBM performance wasn't all it ought to be so we're running 1.2/DB2 off an
> > Ultra 1/Solaris 2.6:105181-13 kernel patch.
> > prodding around the code, it turned out the ldif2ldbm process couldn't
> > read slapd.conf. When I set the permissions on that file to 0644,
> > everything fell right into place.
> Don't forget that making slapd.conf world readable could allow non-priv'd
> users to read your root DN's password.
True. It's in crypt format and not used anywhere else. That's
potentially no different than leaving root's password lying around in
non-shadow password systems, I guess.
> > Strangely enough, this only happened when DB2 was the backend.
> Sure ldif2ldbm was running as the same user both times (with and without the
> DB2 backend)? I'd be surprised if merely changing backends had any real
> affect on the slapd.conf file being read.
Both times running as my UID with everything owned by me and on the local
> OpenLDAP 1.2.1 with Berkeley DB 2.3.16 running here on a Solaris 7
> SPARCstation IPX (!) - the only problem so far (apart from indicies taking
> forever to rebuild) was a previously mentioned ldapadd crash after 'x'
> thousands of entries had been added to the directory (workaround was use
> ldif2ldbm and live with the directory being down for a few hours while the
> indicies were rebuilt).
That looks like where we're headed. Our LDAP server will be largely
static, so we'll just rebuild the database in the wee hours.
Systems Administrator, Rice University, Texas.
(713) 737-5827, e-mail:firstname.lastname@example.org, pager:email@example.com
SalMoN AntiSpam software for UNIX: http://is.rice.edu/~wymanm/smn