[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reg OpenLdap on Ubuntu

To: Asimananda Mohanty <asimananda.mohanty@gmail.com>
Subject: Re: Reg OpenLdap on Ubuntu
From: Mathias Gug <mathiaz@ubuntu.com>
Date: Fri, 11 Sep 2009 10:31:50 -0400
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type; bh=nfV0Q4ItzpPWApZdEwa3500+cNlMuMzFVkLF4kU2sPU=; b=WN3KehZ3FGiVypZkhgtRIevJW5vtMBladCpOx5rJUC7GCrOu4tmXYGboEAhTMYP798 FgYLblIuzDW9Oz08Ozcwm3ohOAKu3CsNTU5IuavR0OAclL33VgGw4mK1FRJpYpKUYJ68 5e0fpVaUFKer0PPis5/jmIWR32DedqvOGc4vM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=jntLHAKzssmlEgDoZvO7MyAPncB09XEpnLFIGjwxcQBR8YtZMG6o/5hQot8JkhQSun udGvsKlnPhy82NxXLDLcUlH0TFa2iEwBmA2VybdF7QA/7FaqyYsskQBueMAQWtGeBeg6 v5Lb/A+gsE45wzeJ17QZHEgS5Cx9/DMdiMkoU=
In-reply-to: <4AA9EDEB.5070409@symas.com>
References: <d375fb280907100400o26cc0aebo4d964a21c1c16e0f@mail.gmail.com> <4A645BB8.7080304@stroeder.com> <d375fb280907200508t930906bmf1e40468e54323@mail.gmail.com> <9d16b5480907220812v69750520m1609fd7f860b4b4b@mail.gmail.com> <d375fb280907222231v254eeb67k68e618a05f637619@mail.gmail.com> <9d16b5480907230701m4f9960ees45787656b23e6743@mail.gmail.com> <d375fb280908310349j46502da7nd82ad898000d12fa@mail.gmail.com> <9d16b5480908310629n1d6558a4hf3c99b5c9ba34d51@mail.gmail.com> <d375fb280909102319g123c540cm38bd8dc67d91c1e7@mail.gmail.com> <4AA9EDEB.5070409@symas.com>

Hi,

On Fri, Sep 11, 2009 at 2:27 AM, Howard Chu <hyc@symas.com> wrote:
> Asimananda Mohanty wrote:
>> I just changed the permission level of /etc/sasldb2 from 640 to 644 and
>> the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
>> uid=asimananda" started working fine.
>
> Generally that's a bad idea, since it exposes all of your SASL passwords to
> anyone who can access that machine or filesystem. Instead you should just
> make sure that slapd is running as a user that belongs to the same group as
> the sasldb file, or is the owner of the file.

The default group of /etc/sasldb2 should be sasl. Thus adding the
openldap user to the sasl group should fix the problem without having
to change permissions:

  $ adduser openldap sasl

--
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

Follow-Ups:
- Re: Reg OpenLdap on Ubuntu
  - From: Asimananda Mohanty <asimananda.mohanty@gmail.com>

References:
- Re: Reg OpenLdap on Ubuntu
  - From: Asimananda Mohanty <asimananda.mohanty@gmail.com>
- Re: Reg OpenLdap on Ubuntu
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: What could cause a ber_flush errno=11?
Next by Date: Limiting finger lookup access on Linux
Index(es):
- Chronological
- Thread