[Date Prev][Date Next]
Re: ldapi socket permissions
> Hi Tonni,
> Tony Earnshaw <firstname.lastname@example.org> writes:
>> tor, 05.02.2004 kl. 17.09 skrev Dieter Kluenter:
>>> Can I now with 2.2.x pass a permission parameter to slapd at startup
>>> and how is that done?
>> The following worked with 2.1.25, in my startup script (o.k., it's
>> actually a bit otherwise, but this is it essentially):
>> slapd -u ldap -h 'ldap:/// ldaps:///
>> But it don't work no more with 2.2.5, - seems to be broken in that
>> So I just force it; in the same startup script, after the above line:
>> /bin/chmod 4777 /usr/local/var/ldapi
> I was not thinking of unix tools, that is too easy :-)
> I found now the thread in openldap-devel, which is
> the version, ando is recommending, does not work for me, yet.
That code is disabled on purpose, as noted in some
-devel thread, because socket permissions are not
honored in many unix flavours; "the correct" way to
protect a socket is to apply permissions to the
directory the socket resides in.