Re: Installing openldap 2.2.19 on RHEL 3

[Craig White <craigwhite@azapple.com>]

On Sun, 2005-01-02 at 18:09 +0100, Tony Earnshaw wrote:
> Marjan Knauer:
> 
> >> I do have a really dumb question... the file
> >> called /usr/local/var/openldap-data/DB_CONFIG
> >>
> >> should that be owned by ldap:ldap or root:root or ??:??
> >>
> >> Craig
> >>
> >
> > I recognized a problem on Fedora 2/3 on replication thathas exactly
> > this owner problem! Someone told me it is thesame on RH-EL. The daemon
> > running as ldap can NOT handlethe replication directory and especially
> > the lock filesfrom the replog files.You have at least to change them all
> > to user and group ldap!For me there seems still to be some problems as I
> > thinkthat the OpenLDAP software creates somes files as user root.I think
> > this is hardcoded in the software and therefor nota good idea of Redhat to
> > change the daemon user.
> 
> Dunno about Red Hat, but on my Openldap source installs (i.e. all of my
> systems), slurpd (if that's what you're writing about) runs as root and
> all files he writes and reads are root:root. Works perfectly. As for
> DB_CONFIU, as long as the ldap user can read it, it doesn't matter who
> owns it.
----
FWIW on RHEL openldap-2.0.27

slapd runs as user ldap
slurpd runs as user root

Craig