
Re: Open LDAP installation on Solaris 2.6 (SPARC)



On Sun, 18 Apr 1999, David J N Begley wrote:

> On Sat, 17 Apr 1999, Wyman Eric Miles wrote:
> 
> > GDBM performance wasn't all it ought to be so we're running 1.2/DB2 off an
> > Ultra 1/Solaris 2.6:105181-13 kernel patch.
> [...]
> > prodding around the code, it turned out the ldif2ldbm process couldn't
> > read slapd.conf.  When I set the permissions on that file to 0644,
> > everything fell right into place.
> 
> Don't forget that making slapd.conf world readable could allow non-priv'd
> users to read your root DN's password.

True.  It's in crypt format and not used anywhere else.  That's
potentially no different than leaving root's password lying around in
non-shadow password systems, I guess.

> 
> > Strangely enough, this only happened when DB2 was the backend.
> 
> Sure ldif2ldbm was running as the same user both times (with and without the
> DB2 backend)?  I'd be surprised if merely changing backends had any real
> effect on the slapd.conf file being read.
> 

Both times running as my UID with everything owned by me and on the local
filesystem.  

> OpenLDAP 1.2.1 with Berkeley DB 2.3.16 running here on a Solaris 7
> SPARCstation IPX (!) - the only problem so far (apart from indices taking
> forever to rebuild) was a previously mentioned ldapadd crash after 'x'
> thousands of entries had been added to the directory (workaround was use
> ldif2ldbm and live with the directory being down for a few hours while the
> indices were rebuilt).
> 

That looks like where we're headed.  Our LDAP server will be largely
static, so we'll just rebuild the database in the wee hours.


> Cheers..
> 
> 
> dave
> 
> 

Wyman Miles
Systems Administrator, Rice University, Texas.
(713) 737-5827, e-mail:wymanm@rice.edu, pager:wymanm@pager.rice.edu
SalMoN AntiSpam software for UNIX: http://is.rice.edu/~wymanm/smn
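
The trade-off raised in this thread (mode 0644 on slapd.conf versus exposure of the root DN's password) can be checked mechanically. The following is an added example, not code from the thread or from OpenLDAP: `audit_slapd_conf` and `run_on_sample` are hypothetical names, the sample configuration is constructed, and it assumes a `rootpw` value without a `{SCHEME}` prefix is stored in cleartext.

```python
import os
import re
import stat
import tempfile

ROOTPW_RE = re.compile(r'^rootpw\s+(\S+)', re.IGNORECASE)
SCHEME_RE = re.compile(r'^\{([A-Za-z0-9-]+)\}')


def audit_slapd_conf(path):
    """Return a list of findings about permissions and rootpw storage."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    world_readable = bool(mode & stat.S_IROTH)
    if world_readable:
        findings.append("world-readable (mode %04o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other (mode %04o)" % mode)
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            m = ROOTPW_RE.match(line)
            if not m:
                continue  # comments and other directives are ignored
            scheme = SCHEME_RE.match(m.group(1))
            if scheme is None:
                # Assumption: no {SCHEME} prefix means a cleartext password.
                findings.append("line %d: rootpw stored in cleartext" % lineno)
            elif world_readable:
                # A hash is still guessable offline by anyone who can read it.
                findings.append("line %d: %s rootpw hash readable by all users"
                                % (lineno, scheme.group(1).upper()))
    return findings


def run_on_sample(rootpw, mode):
    """Write a constructed slapd.conf with the given rootpw and mode, audit it."""
    sample = ('database ldbm\n'
              'suffix "o=Example"\n'
              'rootdn "cn=root, o=Example"\n'
              '#rootpw commented-out-value\n'
              'rootpw %s\n' % rootpw)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "slapd.conf")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, mode)
        return audit_slapd_conf(path)


if __name__ == "__main__":
    for mode in (0o644, 0o600):
        print("%04o:" % mode, run_on_sample("{CRYPT}constructedHash", mode))
```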