Changeset 6b52571 for server/other
- Timestamp: 03/26/2015 09:28:49 PM (9 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: 698293c
- Parents: f515c0c
- File: 1 edited
server/other/openldap.xml
rf515c0c r6b52571 76 76 <para> 77 77 Required patch: 78 <ulink url="&patch-root;/openldap-&openldap-version;-blfs_paths-1.patch"/> 79 </para> 80 </listitem> 81 <listitem> 82 <para> 83 Required patch: 84 <ulink url="&patch-root;/openldap-&openldap-version;-symbol_versions-1.patch"/> 78 <ulink url="&patch-root;/openldap-&openldap-version;-consolidated-1.patch"/> 85 79 </para> 86 80 </listitem> … … 123 117 </para> 124 118 125 <screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-blfs_paths-1.patch && 126 patch -Np1 -i ../openldap-&openldap-version;-symbol_versions-1.patch && 119 <screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch && 127 120 autoconf && 128 121 … … 145 138 146 139 <warning> 147 <para>If upgrading from a previos installation that used Berkel y DB as140 <para>If upgrading from a previos installation that used Berkeley DB as 148 141 the backend, you will need to dump the database(s) using the 149 142 <command>slapcat</command> utility, relocate all files in … … 173 166 </para> 174 167 175 <screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-blfs_paths-2.patch && 176 patch -Np1 -i ../openldap-&openldap-version;-symbol_versions-1.patch && 168 <screen><userinput>patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch && 177 169 autoconf && 178 170 … … 212 204 <screen role="root"><userinput>make install && 213 205 214 chmod -v 700 /var/lib/openldap&&215 chown -v -R ldap:ldap /var/lib/openldap&&216 chmod -v 640 /etc/openldap/slapd.{conf,ldif}&&206 install -v -dm700 -o ldap -g ldap /var/lib/openldap && 207 install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d && 208 chmod -v 640 /etc/openldap/slapd.{conf,ldif} && 217 209 chown -v root:ldap /etc/openldap/slapd.{conf,ldif} && 218 sed 's@bdb@mdb@g' -i /etc/openldap/slapd.conf && 219 install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d && 220 221 install -v -dm755 /usr/share/doc/openldap-&openldap-version; && 222 cp -vfr doc/drafts 
/usr/share/doc/openldap-&openldap-version; && 223 cp -vfr doc/rfc /usr/share/doc/openldap-&openldap-version; && 224 cp -vfr doc/guide /usr/share/doc/openldap-&openldap-version;</userinput></screen> 225 226 <para> 227 Having slapd configuration files and ldap databases in /var/lib/openldap 228 readable by anyone is a SECURITY ISSUE, especially since a file stores 229 admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership 230 were used. Owner is root, so only root can modify the file, and group is 231 ldap, so that the group which owns slapd daemon could read but not modify 232 the file in case of a security breach. 233 </para> 210 211 install -v -dm755 /usr/share/doc/openldap-&openldap-version; && 212 cp -vfr doc/{drafts,rfc,guide} /usr/share/doc/openldap-&openldap-version;</userinput></screen> 234 213 235 214 </sect2> … … 309 288 </para> 310 289 311 <para>312 <command>sed 's@bdb@mdb@g' -i /etc/openldap/slapd.conf</command>: This313 command changes the default backend from the deprecated Berkely DB314 (which was not included in the available backends) to LMDB as is315 recommended by the OpenLDAP developers.316 </para>317 318 290 <note> 319 291 <para> … … 323 295 </para> 324 296 </note> 297 298 <para> 299 <command>install ...</command>, <command>chown ...</command>, 300 and <command>chmod ...</command>: 301 Having slapd configuration files and ldap databases in /var/lib/openldap 302 readable by anyone is a SECURITY ISSUE, especially since a file stores the 303 admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership 304 were used. The owner is root, so only root can modify the file, and group is 305 ldap, so that the group which owns slapd daemon could read but not modify 306 the file in case of a security breach. 
307 </para> 325 308 326 309 </sect2> … … 384 367 <listitem> 385 368 <para> 386 The <ulink url="http://www.openldap.org/doc/admin24/"> 387 OpenLDAP 2.4 Administrator's Guide</ulink>388 (also installed locally in<filename class='directory'>369 The <ulink url="http://www.openldap.org/doc/admin24/"> OpenLDAP 2.4 370 Administrator's Guide</ulink> (also installed locally in 371 <filename class='directory'> 389 372 /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>). 390 373 </para> … … 462 445 # 463 446 # LDAPv3 464 # base <> with scope base 447 # base <> with scope baseObject 465 448 # filter: (objectclass=*) 466 449 # requesting: namingContexts
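Review bot: On new line 140, inside the <warning> hunk, "previos" is still misspelled. This change already rewrites that line to fix "Berkeley", so correct it to "previous" in the same commit.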
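Review bot: In the make install hunk, the new `install -v -dm700 -o ldap -g ldap /var/lib/openldap` (new line 206) sets mode and ownership on the directory only, while the removed `chown -v -R ldap:ldap /var/lib/openldap` was recursive. The warning earlier in the file covers upgrading from a previous installation, and in that case files already under /var/lib/openldap keep whatever owner they had. Either keep a recursive chown after the install line or state in the text that only the directory itself is adjusted.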
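Review bot: The hunk deleting old lines 311-317 drops the explanation of `sed 's@bdb@mdb@g' -i /etc/openldap/slapd.conf`, and the install hunk drops the command itself, but nothing visible in this diff says where the bdb to mdb switch now happens. The removed text notes that Berkeley DB "was not included in the available backends", so if the consolidated patch does not change the default backend, the installed slapd.conf will name an unavailable one. State in the commit message, or next to the patch instruction, that the consolidated patch covers this.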
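Review bot: The paragraph added at new lines 298-307 is labelled with install, chown and chmod but only explains mode 640 and root:ldap on slapd.{conf,ldif}; it gives no reason for the two directories created with `install -v -dm700 -o ldap -g ldap`. It also reads "slapd configuration files and ldap databases in /var/lib/openldap", although the configuration files touched by the commands are under /etc/openldap. Suggest rewording so each path is listed with its mode and owner, and naming the file that holds the plain-text admin password instead of "a file".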