RE: Running slapd as a non-root user

--On Wednesday, January 30, 2008 6:48 PM -0600 Bill Sterns <mrbill321@hotmail.com> wrote:

I've tried using the -u option by itself, and I've tried the -u and -g
together, but it still does not work. Also, I'm specifying 10636 as the
port, so the non-root user should be able to listen on it without any
problems. The problem seems to be that when OpenLDAP is installed as
root, the configuration and database files are owned by root and are not
viewable if you're not root. For example, here are the permissions on
slapd.conf after the installation:

All of this applies to what I wrote below. The user *must* be able to read the database, conf files, etc. Period. If you've set it root only, then you haven't configured things right.

But yes, the "user/group" slapd will run as must have the correct
permissions to read what it needs to read, so setting those bits
readable would be the correct thing to do.
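The permission requirement discussed in this thread can be checked before starting slapd with -u/-g. The script below is an added example, not part of the original messages or of OpenLDAP. It assumes classic owner/group/other mode bits only (no ACLs, no parent-directory traversal check), and the UID/GID 389 and the temporary file standing in for slapd.conf are hypothetical.

```shell
#!/bin/sh
# Print "mode owner-uid owner-gid" for a path (GNU stat first, BSD stat as fallback).
file_meta() {
    stat -c '%a %u %g' "$1" 2>/dev/null || stat -f '%Lp %u %g' "$1"
}

# class_bits MODE FILE_UID FILE_GID UID GID...
# Prints the rwx digit (0-7) that applies to the given account. The first matching
# class wins: an owner with no read bit is denied even if group/other could read.
class_bits() {
    m=$((0$1)); fuid=$2; fgid=$3; uid=$4; shift 4
    # root bypasses mode bits, which is why everything works when slapd runs as root
    if [ "$uid" -eq 0 ]; then echo 7; return; fi
    if [ "$uid" -eq "$fuid" ]; then echo $(( (m >> 6) & 7 )); return; fi
    for g in "$@"; do
        if [ "$g" -eq "$fgid" ]; then echo $(( (m >> 3) & 7 )); return; fi
    done
    echo $(( m & 7 ))
}

# can_read PATH UID GID...
# Exit 0 if the account can read a file (r) or list and enter a directory (r+x),
# 1 if it cannot, 2 if the path cannot be inspected.
can_read() {
    path=$1; shift
    meta=$(file_meta "$path") || return 2
    bits=$(class_bits $meta "$@")
    if [ -d "$path" ]; then need=5; else need=4; fi
    [ $(( bits & need )) -eq "$need" ]
}

# Demo on a constructed file standing in for slapd.conf (UID/GID 389 are hypothetical).
demo=$(mktemp)
for mode in 600 644; do
    chmod "$mode" "$demo"
    if can_read "$demo" 389 389; then r="readable"; else r="NOT readable"; fi
    echo "mode $mode: $r by uid 389"
done
rm -f "$demo"
```

For a real check, pass the configuration file and each database directory together with the numeric UID and GIDs of the account named in -u/-g.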



