Re: Reg OpenLdap on Ubuntu
Hi,
On Fri, Sep 11, 2009 at 2:27 AM, Howard Chu <hyc@symas.com> wrote:
> Asimananda Mohanty wrote:
>> I just changed the permission level of /etc/sasldb2 from 640 to 644 and
>> the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
>> uid=asimananda" started working fine.
>
> Generally that's a bad idea, since it exposes all of your SASL passwords to
> anyone who can access that machine or filesystem. Instead you should just
> make sure that slapd is running as a user that belongs to the same group as
> the sasldb file, or is the owner of the file.
The default group of /etc/sasldb2 should be sasl. Thus adding the
openldap user to the sasl group should fix the problem without having
to change permissions:
$ adduser openldap sasl
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
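
The check discussed in this thread, written as a small audit script. This is an added example, not part of the original messages. It assumes GNU `stat` (as on Ubuntu), and the function names are illustrative; the default path and user are the ones named in the thread.

```shell
#!/bin/sh
# Audit a SASL secrets file: it must not be world-readable, and the
# slapd user must be able to read it as owner or through group membership.

# world_readable FILE -> status 0 if "other" has the read bit set
world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( (mode % 10) & 4 )) -ne 0 ]      # last octal digit = "other" bits
}

# user_has_access USER FILE -> status 0 if USER owns FILE (owner read bit set)
# or belongs to FILE's group (group read bit set)
user_has_access() {
    user=$1
    info=$(stat -c '%a %U %G' "$2") || return 2
    set -- $info
    mode=$1 owner=$2 group=$3
    if [ "$user" = "$owner" ] && [ $(( (mode / 100 % 10) & 4 )) -ne 0 ]; then
        return 0
    fi
    [ $(( (mode / 10 % 10) & 4 )) -ne 0 ] || return 1
    for g in $(id -Gn "$user" 2>/dev/null); do
        [ "$g" = "$group" ] && return 0
    done
    return 1
}

# audit_sasldb [FILE] [USER] -> prints a verdict, status 0 only if both checks pass
audit_sasldb() {
    file=${1:-/etc/sasldb2}
    svc=${2:-openldap}
    if world_readable "$file"; then
        echo "FAIL: $file is world-readable; restore it with: chmod 640 $file"
        return 1
    fi
    if ! user_has_access "$svc" "$file"; then
        grp=$(stat -c '%G' "$file" 2>/dev/null)
        echo "FAIL: $svc cannot read $file; fix with: adduser $svc ${grp:-<group>}"
        return 1
    fi
    echo "OK: $file is not world-readable and $svc can read it"
}

# Run against the real file only when it exists on this machine.
if [ -e /etc/sasldb2 ]; then audit_sasldb || true; fi
```

Group membership added with `adduser` only takes effect for processes started afterwards, so slapd has to be restarted before the check reflects what the running daemon can read.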