
Re: Reg OpenLdap on Ubuntu



Hi,

On Fri, Sep 11, 2009 at 2:27 AM, Howard Chu <hyc@symas.com> wrote:
> Asimananda Mohanty wrote:
>> I just changed the permission level of /etc/sasldb2 from 640 to 644 and
>> the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
>> uid=asimananda" started working fine.
>
> Generally that's a bad idea, since it exposes all of your SASL passwords to
> anyone who can access that machine or filesystem. Instead you should just
> make sure that slapd is running as a user that belongs to the same group as
> the sasldb file, or is the owner of the file.

The default group of /etc/sasldb2 should be sasl. Thus adding the
openldap user to the sasl group should fix the problem without having
to change permissions:

  $ adduser openldap sasl

--
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com
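
An added example, not part of the original message or of any project named in the thread: a shell function that checks the two conditions discussed above, namely that the secrets file grants nothing to "other" and that the slapd account can still read it as owner or through the file's group. The function name `check_sasldb_access` is hypothetical, and GNU `stat` and `id` (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example (not from the original thread): audit read access to a SASL
# secrets file. Assumes GNU stat and id, as shipped on Ubuntu.
# Usage: check_sasldb_access FILE USER   e.g. /etc/sasldb2 openldap
# Returns 0 only if FILE grants nothing to "other" AND USER can read it.
check_sasldb_access() {
    file=$1; user=$2; rc=0
    info=$(stat -c '%a %U %G' "$file") || return 2
    set -- $info
    mode=$1; owner=$2; group=$3
    other=$(( mode % 10 ))           # last octal digit: everyone else
    grp=$(( (mode / 10) % 10 ))      # middle digit: the file's group
    usr=$(( (mode / 100) % 10 ))     # next digit: the file's owner

    if [ "$other" -ne 0 ]; then
        echo "FAIL: $file mode $mode is open to every local account"
        rc=1
    fi

    # Exactly one permission class applies: owner, else group, else other.
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$usr
    else
        case " $(id -nG "$user" 2>/dev/null) " in
            *" $group "*) class="group $group"; bits=$grp ;;
            *)            class=other;          bits=$other ;;
        esac
    fi

    if [ $(( bits & 4 )) -ne 0 ]; then
        echo "OK:   $user can read $file as $class"
    else
        echo "FAIL: $user cannot read $file; add $user to group $group (needs group read)"
        rc=1
    fi
    return $rc
}

# Demo on a constructed stand-in file, so the real /etc/sasldb2 is not touched.
demo=$(mktemp)
me=$(stat -c %U "$demo")
for m in 644 640; do
    chmod "$m" "$demo"
    check_sasldb_access "$demo" "$me" || :
done
rm -f "$demo"
```

On a live system the call would be `check_sasldb_access /etc/sasldb2 openldap`; POSIX ACLs are not taken into account.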