Andrew Bartlett wrote:
On Mon, 2007-02-19 at 14:08 -0800, Pete Rowley wrote:
> This is a feature that exists in OpenLDAP (but has no RFC that I am aware of).
> Heimdal uses this feature exclusively for its directory interactions (making it
> incompatible with other LDAP directories), and Samba testing is often performed
> over unix domain sockets (a convenience for them). There are advantages: no TCP
> overhead for local connections, the ability to test for the OS level user
> credentials, and AFAIK, an unsniffable transport without additional
> requirements. On that last point, I welcome arguments to the contrary.
>
> The socket file is created as var/run/fedora-ds/slapd-<instance>.socket by
> default, but this can be modified in configuration. I'm actually not sure where
> the best place to put this is since access control along the path to the socket
> matters. The socket itself is chmodded to give rw to owner, groups, and other by
> the server upon creation.
>
How do I change this location? What are the configuration parameters?
It seems to be:
+ fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir,
PRODUCT_NAME, cf->servid);
+ fprintf(f, "nsslapd-ldapilisten: on\n");
+ fprintf(f, "nsslapd-ldapiautobind: on\n");
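Review bot: nsslapd-ldapilisten and nsslapd-ldapiautobind are both written as a literal "on" in the last two fprintf calls, so the generated config enables LDAPI and autobind together with no way for the caller to choose otherwise. Consider taking these values from cf, as the path line already does with cf->run_dir and cf->servid, or defaulting autobind to off, and add a comment beside each line saying what the attribute controls, since the names alone do not.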
But some clarification would be useful.
Those attributes are set in the cn=config entry:

    ldapsearch -x -D "cn=Directory Manager" -w yourpasswd -b "cn=config" -s base "(objectclass=*)"

You can modify them over LDAP.
nsslapd-ldapifilepath = full path of socket file
nsslapd-ldapilisten = off/on to actually do ldapi at all
nsslapd-ldapiautobind = off/on enforce OS authentication
--
Pete
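
The thread notes that the socket is created rw for owner, group and other, so access control along the path to the socket is what actually limits who can connect. The following is an added example, not part of the original messages or of the Fedora DS code: a small Python audit that reports the mode of the socket and of every ancestor directory. The function names are hypothetical, and the socket path is whatever nsslapd-ldapifilepath is set to on the host being checked.

```python
import os
import stat

def audit_socket_path(sock_path):
    """Return [(path, mode, finding), ...]: the socket first, then each ancestor up to /."""
    sock_path = os.path.abspath(sock_path)
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a unix domain socket")
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connect() needs write permission on the socket file itself.
    finding = ("any local user may connect" if mode & stat.S_IWOTH
               else "connect restricted by socket mode")
    report = [(sock_path, mode, finding)]
    parent = os.path.dirname(sock_path)
    while True:
        mode = stat.S_IMODE(os.stat(parent).st_mode)
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            # Anyone can unlink or rename entries in such a directory.
            finding = "world-writable, no sticky bit: socket file can be replaced"
        elif not mode & stat.S_IXOTH:
            finding = "not searchable by 'other': socket unreachable for them"
        else:
            finding = "searchable by 'other'"
        report.append((parent, mode, finding))
        if parent == os.path.dirname(parent):  # reached the filesystem root
            break
        parent = os.path.dirname(parent)
    return report

def reachable_by_other(report):
    """True if a user who is neither owner nor group member can reach and connect."""
    (_, sock_mode, _), *dirs = report
    return bool(sock_mode & stat.S_IWOTH) and all(m & stat.S_IXOTH for _, m, _ in dirs)

if __name__ == "__main__":
    import sys
    for path, mode, finding in audit_socket_path(sys.argv[1]):
        print(f"{mode:04o} {path}: {finding}")
```

The check only looks at the "other" permission bits; it does not evaluate ownership, group membership or ACLs.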