[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4719) Support for running slapadd/slapindex as a user

On Tue, Oct 24, 2006 at 12:46:30PM -0700, Quanah Gibson-Mount wrote:
> >>Because some people are brain dead, and because other people set up
> >>application accounts that don't actually have a shell.  It also makes
> >>things more consistent behavior wise.  I personally don't have this
> >>issue  because I run openldap as root anyway, but I've seen list traffic
> >>about  this on more than one occasion, and am seeing people hit it on
> >>the debian  openldap list as well.
> >
> >The slapd initscript should/could chown the files whenever slapd is
> >(re)started.
> And how would the init script know the locations of X number of databases, 
> particularly if back-config is used?

With back-config things get more complicated, but with slapd.conf it's
just a bunch of greps.

What about storing this info inside the config file itself (i.e.,
"slapd_user ldap", "slapd_group ldap")? Chicken and egg problem?