Re: Reg OpenLdap on Ubuntu
I have changed the ownership of /etc/sasldb2 to openldap:openldap and also changed the permission to 640.
For the time being, I may continue with this option and in the future, I will surely shift to the other one i.e. avoiding use of sasldb.
Thank you very much.
On Fri, Sep 11, 2009 at 11:57 AM, Howard Chu <firstname.lastname@example.org> wrote:
Generally that's a bad idea, since it exposes all of your SASL passwords to anyone who can access that machine or filesystem. Instead you should just make sure that slapd is running as a user that belongs to the same group as the sasldb file, or is the owner of the file.
Asimananda Mohanty wrote:
I just changed the permission level of /etc/sasldb2 from 640 to 644 and
the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
uid=asimananda" started working fine.
And of course, the better approach when using SASL is not to use a sasldb file at all, and just store the SASL secrets in the LDAP directory.
I have one more doubt. The above command works fine and accepts password
too but when I changed the option "-b" to "-D", it stopped working. I
read somewhere that -D should not be used with SASL. I am a bit confused
about the same.
Thanks for being so helpful.
On Mon, Aug 31, 2009 at 6:59 PM, Matt Kassawara <email@example.com> wrote:
I recommend reading section 15.2.3 through 15.2.6 of the OpenLDAP
2.4 administrator's guide.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
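
The ownership and mode check discussed in this thread, as an added example (not code from any poster or from the OpenLDAP project): it fails a sasldb file that is open to all users and confirms that the slapd account can read it as owner or through group membership. The function name `check_sasldb` is hypothetical, and GNU `stat` is assumed, as on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a sasldb file's permissions for a given service account.
# Assumes GNU stat. Ignores POSIX ACLs and root's ability to bypass mode bits.
# check_sasldb FILE [USER]   (USER defaults to "openldap", the account named in the thread)
# Returns: 0 ok, 1 accessible to "other", 2 missing file or user, 3 USER cannot read FILE.
check_sasldb() {
    file=$1
    user=${2:-openldap}
    [ -e "$file" ] || { echo "FAIL: $file does not exist"; return 2; }
    uid=$(id -u "$user" 2>/dev/null) || { echo "FAIL: no such user $user"; return 2; }
    gids=$(id -G "$user")

    # %a = octal mode, %u / %g = numeric owner and group of the file
    set -- $(stat -c '%a %u %g' "$file")
    mode=$1 f_uid=$2 f_gid=$3
    owner_bits=$(( (0$mode >> 6) & 7 ))
    group_bits=$(( (0$mode >> 3) & 7 ))
    other_bits=$(( 0$mode & 7 ))

    # Any "other" bit (for example 644) exposes the SASL secrets to every local account.
    if [ "$other_bits" -ne 0 ]; then
        echo "FAIL: $file is mode $mode, accessible to all users"
        return 1
    fi

    # The kernel applies exactly one permission class: owner first, then group.
    if [ "$uid" -eq "$f_uid" ]; then
        bits=$owner_bits
    else
        bits=0
        for g in $gids; do
            if [ "$g" -eq "$f_gid" ]; then bits=$group_bits; fi
        done
    fi
    if [ $(( bits & 4 )) -eq 0 ]; then
        echo "FAIL: $user cannot read $file (mode $mode, owner $f_uid:$f_gid)"
        return 3
    fi
    echo "OK: $file mode $mode, readable by $user, closed to others"
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then check_sasldb "$@"; fi
```

Saved as a script, it can be run as `sh check_sasldb.sh /etc/sasldb2 openldap`; exit status 1 corresponds to the 644 case and status 3 to slapd being unable to read the file.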