Bug#394887: [Pkg-openldap-devel] Bug#394887: Index-Files are created as root
Quanah Gibson-Mount
quanah at stanford.edu
Mon Oct 23 20:43:29 CEST 2006
--On Monday, October 23, 2006 6:48 PM +0200 Thorsten Schmidt
<meine_mailings at web.de> wrote:
> Package: slapd
> Version: 2.3.27-1
> Severity: Important
>
> Hello,
>
> I noticed that I (slapd? slapindex?) created some index files owned by
> root by accident after introducing new index-directives for samba in
> slapd.conf.
>
> However, even if I've done terribly wrong by running slapindex as root, I
> strongly recommend showing a warning message if slapindex is up to
> produce an inconsistent database (database, that openldap is unable to
> read by debian defaults).
>
> Btw. I've set severity: important, since inconsistent LDAP-DBs might
> cause system to fail as a whole. Feel free to set it to wishlist.

Well, the problem definitely stems from running slapindex as root, rather
than as the openldap user. There is nothing actually wrong with the
database that was created; simply fixing the permissions afterward should
resolve any issues. If it is not already in the Debian documentation, I
would agree that it needs to be strongly advised that if one intends to use
the slap* tools, then they need to do it as the same user as OpenLDAP is
running as, or otherwise they'll run into these types of permissions
issues. This really isn't that different from any number of other
applications that run as their own user.

As a side note, I see that Debian has the BDB log files created in the same
directory as the database. For optimal performance, such logs should be
created on a separate disk or spindle. I'd imagine this should probably be
documented as well. I generally store them in /var/log/bdb/, with
/var/lib/ldap on its own disk.

--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
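
The advice in the reply, as an added example (not part of the original message or of the Debian package): a POSIX shell pre-flight check that refuses to continue unless the invoking user owns the database directory, plus an audit that lists files left with a different owner. It assumes the /var/lib/ldap path named in the reply and that the directory's owner is the account slapd runs as; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: the database
# directory is /var/lib/ldap (the path named in the reply) and its owner
# is the account slapd runs as. Function names are hypothetical.

# Print the numeric uid that owns a path (POSIX ls, no GNU stat needed).
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3}'
}

# Return 0 only if the invoking uid owns the database directory.
# $2 optionally overrides the invoking uid (useful for testing).
preflight() {
    dir=$1
    me=${2:-$(id -u)}
    want=$(owner_uid "$dir")
    [ -n "$want" ] || { echo "cannot stat $dir" >&2; return 2; }
    if [ "$me" != "$want" ]; then
        echo "refusing: uid $me does not own $dir (owner uid $want);" \
             "files created now may be unreadable to slapd" >&2
        return 1
    fi
    return 0
}

# List regular files under the directory whose owner differs from the
# expected uid (default: the directory's own owner).
list_foreign_owned() {
    dir=$1
    want=${2:-$(owner_uid "$dir")}
    [ -n "$want" ] || return 2
    find "$dir" -type f ! -user "$want" -print
}

# Typical use (not executed here):
#   preflight /var/lib/ldap && slapindex
#   list_foreign_owned /var/lib/ldap
```

Any path printed by `list_foreign_owned` is a file whose ownership needs fixing before slapd can use it again.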