[Pkg-openldap-devel] Bug#432662: Bug#432662: Bug#432662: slapd.conf group not openldap
Steve Langasek
vorlon at debian.org
Wed Nov 14 22:18:35 UTC 2007
On Sun, Nov 11, 2007 at 05:19:48PM -0800, Russ Allbery wrote:
> Steve Langasek <vorlon at debian.org> writes:
> > On Wed, Jul 11, 2007 at 06:56:15PM +1000, Trent W. Buck wrote:
> >> slapd runs as the user openldap, so naturally I tried
> >> $ sudo -u openldap slapindex
> >> could not open config file "/etc/ldap/slapd.conf": Permission denied (13)
> >> slapindex: bad configuration file!
> >> I check the config file:
> >> $ ls -l /etc/ldap/slapd.conf
> >> -rw------- 1 root root 4366 2007-07-11 18:37 /etc/ldap/slapd.conf
> >> In #ldap on irc.freenode.net, _ranger_ told me that this file should be
> >> -rw-r----- 1 root openldap 4366 2007-07-11 18:37 /etc/ldap/slapd.conf
> >> This wouldn't be a problem if slapd ran as root, but apparently it
> >> runs as the user openldap by default.
> > Right, this is a bug; openldap needs to take care that the slapd.conf
> > file is created with permissions that allow reading by the openldap
> > user.
> We actually patch slapd to read the configuration file before dropping
> privileges. If we change the permissions on slapd.conf so that it's
> group-readable by openldap, we could also drop that patch, correct? I'd
> like to do that, to reduce divergence from upstream.
Sounds right to me.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
More information about the Pkg-openldap-devel
mailing list