Update openldap to run slapd as ldap user
| Reported by: |
unit12@… |
Owned by: |
macports-tickets@… |
|
Priority:
|
Normal
|
Milestone:
|
|
|
Component:
|
ports
|
Version:
|
|
|
Keywords:
|
|
Cc:
|
markd@…
|
|
Port:
|
|
|
|
The current openldap port runs slapd as root. This slightly surprised me since I'd just installed mysql and postgres, which each have their own users and groups.
For consistency and security, it might be better to run slapd as the ldap user that is created during install.
The changes would be:
- Update etc/rc.d/slapd.sh to provide the -u and -g flags.
- Set permissions on etc/openldap/slapd.conf to be accessible by ldap user
- Create var/run/openldap directory, owned by ldap user, to store databases
- Update default slapd.conf to store pid and args files in var/run/openldap, since var/run isn't writable by the ldap user.
Change History (5)
| Milestone: |
→ Available Ports
|
| Milestone: |
Available Ports →
Port Updates
|
| Cc: |
markd@… added
|
| Resolution: |
→ duplicate
|
| Status: |
new →
closed
|
| Milestone: |
Port Updates →
Port Enhancements
|
| Priority: |
Expected →
Normal
|
| Version: |
1.2
|
| Milestone: |
Port Enhancements
|
Fix attached to #11659. Closing this as duplicate.