Re: ldapi socket permissions

> Hi Tonni,
> Tony Earnshaw <tonye@billy.demon.nl> writes:
>> tor, 05.02.2004 kl. 17.09 skrev Dieter Kluenter:
>>> Can I now with 2.2.x pass a permission parameter to slapd at startup
>>> and how is that done?
> [...]
>> The following worked with 2.1.25, in my startup script (o.k., it's
>> actually a bit otherwise, but this is it essentially):
>> slapd -u ldap -h 'ldap:/// ldaps:///
>> ldapi://%2Fusr%2Flocal%2Fvar%2Fldapi/????x-mod=0777'
>> But it don't work no more with 2.2.5, - seems to be broken in that
>> respect.
>> So I just force it; in the same startup script, after the above line:
>> /bin/chmod 4777 /usr/local/var/ldapi
> I was not thinking of unix tools, that is too easy :-)
> I found now the thread in openldap-devel, which is
> http://www.openldap.org/lists/openldap-devel/200201/msg00231.html
> http://www.openldap.org/lists/openldap-devel/200201/msg00232.html
> the version, ando is recommending, does not work for me, yet.

That code is disabled on purpose, as noted in some
-devel thread, because socket permissions are not
honored in many unix flavours; "the correct" way to
protect a socket is to apply permissions to the
directory the socket resides in.


Pierangelo Masarati
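
The directory-based protection described in the reply above, sketched as an added shell example that is not part of the original thread or of OpenLDAP. The function names and the 0750 mode are assumptions chosen for illustration; the URL encoding follows the `ldapi://%2F...` form quoted in the thread.

```shell
#!/bin/sh
# Added example: restrict access to a Unix-domain socket through the
# directory that contains it, instead of the socket file's own mode.
# Function names and the 0750 mode are assumptions, not OpenLDAP tooling.

# Percent-encode "/" so a filesystem path can be placed in an ldapi:// URL,
# matching the form used in the quoted startup line.
ldapi_url() {
    printf 'ldapi://%s\n' "$(printf '%s' "$1" | sed 's|/|%2F|g')"
}

# Create (or tighten) a dedicated directory for the socket.
# 0750: owner has full access, group may list and traverse, others get nothing.
prepare_socket_dir() {
    dir=$1
    mkdir -p "$dir" && chmod 0750 "$dir"
}

# Return 0 only if "others" hold no permission bits on the directory,
# 1 if they hold any, 2 if the path is not a directory.
# Path resolution needs search (x) permission on every directory in the
# path, so a process without it cannot connect() to the socket inside,
# whatever mode the socket file itself carries.
socket_dir_is_restricted() {
    dir=$1
    [ -d "$dir" ] || return 2
    # Characters 8-10 of the mode string are the "other" rwx triplet.
    perms=$(ls -ld "$dir" | cut -c8-10)
    [ "$perms" = "---" ]
}
```

Clients that should reach the socket are then placed in the directory's group; the check can run in the startup script before slapd is launched.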