Commit 35aebadf authored by Quanah Gibson-Mount

ITS#6681

parent 9fd0ad6f
......@@ -87,6 +87,7 @@ OpenLDAP 2.4.24 Engineering
Fixed slapd-tester filter initialization (ITS#6735)
Removed antiquated SunOS LWP support (ITS#6669)
Documentation
admin24 guide fix examples (ITS#6681)
admin24 guide typo fixes (ITS#6609)
admin24 guide refint rootdn requirement (ITS#6364)
ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
......
......@@ -532,7 +532,8 @@ beyond reach of intruders.
That's why the default keytab file is owned by root and protected from being
read by others. Do not mess with these permissions, build a different keytab
file for slapd instead.
file for slapd instead, and make sure it is owned by the user that slapd
runs as.
To do this, start kadmin, and enter the following commands:
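Review bot: The sentence added to the keytab paragraph states who must own the slapd keytab but not who may read it, although the reason given just above is that the default keytab is "protected from being read by others". Suggest saying that the file must be owned by the user that slapd runs as and readable only by that user. The line now chains three clauses with commas, so splitting it after "Do not mess with these permissions" would also read better.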
......@@ -541,7 +542,7 @@ To do this, start kadmin, and enter the following commands:
Then, on the shell, do:
> chown ldap.ldap /etc/openldap/ldap.keytab
> chown ldap:ldap /etc/openldap/ldap.keytab
> chmod 600 /etc/openldap/ldap.keytab
Now you have to tell slapd (well, actually tell the gssapi library in Kerberos 5
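Review bot: The corrected chown line hardcodes ldap:ldap, while the text added earlier in this patch says the keytab must be owned by "the user that slapd runs as". Suggest a short remark next to the command that ldap:ldap is an example and should be replaced with the account and group slapd actually runs under, so that readers on systems with a different account name do not copy it verbatim and end up with a keytab slapd cannot read.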
......@@ -636,9 +637,9 @@ values of <n>.
H3: ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed
This seems to be related with wrong ownership of the BDB's dir (/var/lib/ldap)
and files.
and files. The files must be owned by the user that slapd runs as.
> chmod -R openldap:openldap /var/lib/ldap
> chown -R ldap:ldap /var/lib/ldap
fixes it in Debian
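Review bot: The replacement command under "entry index delete failed" corrects chmod to chown, but it also changes the account from openldap:openldap to ldap:ldap while the unchanged line after it still reads "fixes it in Debian". Debian's slapd package runs as openldap, so the new command no longer matches that statement. Suggest either keeping openldap:openldap in the Debian example or dropping the Debian wording and telling the reader to substitute the user slapd runs as, in line with the sentence added just above the command.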
......