On Mon, 2007-02-19 at 14:08 -0800, Pete Rowley wrote: > This is a feature that exists in OpenLDAP (but has no RFC that I am aware of). > Heimdal uses this feature exclusively for its directory interactions (making it > incompatible with other LDAP directories), and Samba testing is often performed > over unix domain sockets (a convenience for them). There are advantages: no TCP > overhead for local connections, the ability to test for the OS level user > credentials, and AFAIK, an unsniffable transport without additional > requirements. On that last point, I welcome arguments to the contrary. > > The socket file is created as var/run/fedora-ds/slapd-<instance>.socket by > default, but this can be modified in configuration. I'm actually not sure where > the best place to put this is since access control along the path to the socket > matters. The socket itself is chmodded to give rw to owner, groups, and other by > the server upon creation. How do I change this location? What are the configuration parameters? It seems to be: + fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid); + fprintf(f, "nsslapd-ldapilisten: on\n"); + fprintf(f, "nsslapd-ldapiautobind: on\n"); But some clarification would be useful. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
