Andrew Bartlett wrote:
Those attributes are set in the cn=config entry,

ldapsearch -x -D "cn=Directory Manager" -w yourpasswd -b "cn=config" -s base "(objectclass=*)"

On Mon, 2007-02-19 at 14:08 -0800, Pete Rowley wrote:

This is a feature that exists in OpenLDAP (but has no RFC that I am aware of). Heimdal uses this feature exclusively for its directory interactions (making it incompatible with other LDAP directories), and Samba testing is often performed over unix domain sockets (a convenience for them). There are advantages: no TCP overhead for local connections, the ability to test for the OS level user credentials, and AFAIK, an unsniffable transport without additional requirements. On that last point, I welcome arguments to the contrary.

The socket file is created as var/run/fedora-ds/slapd-<instance>.socket by default, but this can be modified in configuration. I'm actually not sure where the best place to put this is since access control along the path to the socket matters. The socket itself is chmodded to give rw to owner, groups, and other by the server upon creation.

How do I change this location? What are the configuration parameters? It seems to be:

+ fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir, PRODUCT_NAME, cf->servid); + fprintf(f, "nsslapd-ldapilisten: on\n"); + fprintf(f, "nsslapd-ldapiautobind: on\n");

But some clarification would be useful.
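Review bot: The last two added lines write nsslapd-ldapilisten: on and nsslapd-ldapiautobind: on into every generated instance configuration, so both LDAPI and autobind are enabled by default with no explanation next to them. Since the quoted message says the socket is created rw for owner, group and other, consider documenting the three attributes where these lines are emitted and stating why autobind defaults to on, or defaulting it to off. The socket path in the first added line is built only from cf->run_dir, PRODUCT_NAME and cf->servid, so it would also help to note there that the location can be changed later through nsslapd-ldapifilepath.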
You can modify them over ldap.

nsslapd-ldapifilepath = full path of socket file
nsslapd-ldapilisten = off/on to actually do ldapi at all
nsslapd-ldapiautobind = off/on enforce OS authentication

-- Pete
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
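The thread notes that the socket is created rw for everyone, so access control along the path to the socket is what matters. The following is an added example, not code from the thread or from Fedora DS, that audits the directories above a socket path; the function names, the `trusted_root` parameter and the sample tree are assumptions for illustration, and a plain file stands in for the socket.

```python
import os
import stat
import tempfile

def audit_ldapi_path(sock_path, trusted_root):
    """Check the socket and each directory between trusted_root and it."""
    sock_path = os.path.realpath(sock_path)
    trusted_root = os.path.realpath(trusted_root)
    d = os.path.dirname(sock_path)
    if os.path.commonpath([d, trusted_root]) != trusted_root:
        raise ValueError("socket is not below trusted_root")
    report = {"other_can_reach": True, "writable_by_non_owner": [],
              "socket_mode": None, "is_socket": None}
    while d != trusted_root:
        mode = stat.S_IMODE(os.stat(d).st_mode)
        # Without search (x) permission for "other", unrelated local users
        # cannot traverse this directory, whatever the socket's own mode is.
        if not mode & stat.S_IXOTH:
            report["other_can_reach"] = False
        # Group/other write access without the sticky bit lets another local
        # account rename or replace the socket file in this directory chain.
        if mode & (stat.S_IWGRP | stat.S_IWOTH) and not mode & stat.S_ISVTX:
            report["writable_by_non_owner"].append(d)
        d = os.path.dirname(d)
    if os.path.exists(sock_path):
        st = os.stat(sock_path)
        report["socket_mode"] = stat.S_IMODE(st.st_mode)
        report["is_socket"] = stat.S_ISSOCK(st.st_mode)
    return report

def build_sample_tree(run_mode, inst_mode):
    """Constructed layout: <tmp>/run/fedora-ds/slapd-example.socket."""
    root = tempfile.mkdtemp()
    run = os.path.join(root, "run")
    inst = os.path.join(run, "fedora-ds")
    os.makedirs(inst)
    sock = os.path.join(inst, "slapd-example.socket")
    open(sock, "w").close()          # plain file standing in for the socket
    os.chmod(sock, 0o666)            # rw for owner, group and other
    os.chmod(run, run_mode)
    os.chmod(inst, inst_mode)
    return root, sock
```

On a real host, pass the value of nsslapd-ldapifilepath as `sock_path` and a directory you already trust as `trusted_root`.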