From 35aebadfdddcb54affe69fca6806b1bc0d6fedff Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 4 Jan 2011 19:39:18 +0000
Subject: [PATCH] ITS#6681

---
 CHANGES                                    | 1 +
 doc/guide/admin/appendix-common-errors.sdf | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5888a89bd6..79c06e8170 100644
--- a/CHANGES
+++ b/CHANGES
@@ -87,6 +87,7 @@ OpenLDAP 2.4.24 Engineering
 		Fixed slapd-tester filter initialization (ITS#6735)
 		Removed antiquated SunOS LWP support (ITS#6669)
 	Documentation
+		admin24 guide fix examples (ITS#6681)
 		admin24 guide typo fixes (ITS#6609)
 		admin24 guide refint rootdn requirement (ITS#6364)
 		ldap_open(3) document ldap_set_urllist_proc (ITS#6601)
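Review bot: The new CHANGES line "admin24 guide fix examples (ITS#6681)" does not say which examples were fixed, and the commit subject is only the ITS number. Suggest naming the area touched, for instance that the keytab and database directory ownership examples in the common-errors appendix were corrected, so the entry can be understood without opening the ITS.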
diff --git a/doc/guide/admin/appendix-common-errors.sdf b/doc/guide/admin/appendix-common-errors.sdf
index 124853b5c0..9872917bce 100644
--- a/doc/guide/admin/appendix-common-errors.sdf
+++ b/doc/guide/admin/appendix-common-errors.sdf
@@ -532,7 +532,8 @@ beyond reach of intruders.
 
 That's why the default keytab file is owned by root and protected from being 
 read by others. Do not mess with these permissions, build a different keytab 
-file for slapd instead.
+file for slapd instead, and make sure it is owned by the user that slapd
+runs as.
 
 To do this, start kadmin, and enter the following commands:
 
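Review bot: The added clause in "file for slapd instead, and make sure it is owned by the user that slapd runs as." lengthens a sentence that was already a comma splice ("Do not mess with these permissions, build a different keytab file ..."). Suggest splitting it into two sentences, and saying in the second that the new keytab should be readable only by that user, so the prose matches the chmod 600 step shown further down and not only the chown step.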
@@ -541,7 +542,7 @@ To do this, start kadmin, and enter the following commands:
 
 Then, on the shell, do:
 
->     chown ldap.ldap /etc/openldap/ldap.keytab
+>     chown ldap:ldap /etc/openldap/ldap.keytab
 >     chmod 600 /etc/openldap/ldap.keytab 
 
 Now you have to tell slapd (well, actually tell the gssapi library in Kerberos 5 
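Review bot: The corrected line "chown ldap:ldap /etc/openldap/ldap.keytab" still hard-codes the account, while the sentence added in the previous hunk speaks of "the user that slapd runs as". The colon separator is the right fix, but a reader whose slapd runs under another account will copy the command as is and slapd will not be able to read the keytab. Suggest stating next to the command that ldap:ldap is an example and must be replaced with the local slapd user and group.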
@@ -636,9 +637,9 @@ values of <n>.
 H3: ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed
 
 This seems to be related with wrong ownership of the BDB's dir (/var/lib/ldap) 
-and files.
+and files. The files must be owned by the user that slapd runs as.
 
->    chmod -R openldap:openldap /var/lib/ldap 
+>    chown -R ldap:ldap /var/lib/ldap 
 
 fixes it in Debian
 
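Review bot: In the last changed line the switch from chmod to chown is correct, but the same edit also replaces openldap:openldap with ldap:ldap while the context line below still reads "fixes it in Debian". The removed line suggests the account on that distribution is openldap, so the new command may no longer match the system the text names. Suggest either keeping the original account name for the Debian example or wording the command with a placeholder for the slapd user, consistent with the added sentence "The files must be owned by the user that slapd runs as."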
-- 
GitLab