Commit 4c2aea09 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#9639 - Document chroot requirements for slapd.

Thanks to dpa-openldap@aegee.org
parent 66c62841
Pipeline #3585 passed with stage
in 46 minutes and 50 seconds
......@@ -251,7 +251,13 @@ used as a security mechanism, it should be used in conjunction with
.B \-u
and
.B \-g
options.
options. The chroot environment must contain the Cyrus SASL plugins, the
TLS certificates, and dev/urandom. For Kerberos V: the keytab and the
/var/tmp directory, unless the value of the variable KRB5RCACHEDIR is
changed. For the systemd service with type=notify the file
/run/systemd/notify within the chroot must be bind-mounted to
/run/systemd/notify outside the chroot. The file can be mounted on
ExecStartPre= and unmounted in ExecStartPost=.
.TP
.BI \-u \ user
.B slapd
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment