On Mon, 2007-02-19 at 14:08 -0800, Pete Rowley wrote:
This is a feature that exists in OpenLDAP (but has no RFC that I am
aware of).
Heimdal uses this feature exclusively for its directory interactions (making it
incompatible with other LDAP directories), and Samba testing is often performed
over Unix domain sockets (a convenience for them). There are advantages: no TCP
overhead for local connections, the ability to test for the OS-level user
credentials, and, AFAIK, an unsniffable transport without additional
requirements. On that last point, I welcome arguments to the contrary.
The socket file is created as var/run/fedora-ds/slapd-<instance>.socket by
default, but this can be modified in configuration. I'm actually not sure where
the best place to put this is since access control along the path to the socket
matters. The socket itself is chmodded to give rw to owner, groups, and other by
the server upon creation.
How do I change this location? What are the configuration parameters?
It seems to be:
+ fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir,
PRODUCT_NAME, cf->servid);
+ fprintf(f, "nsslapd-ldapilisten: on\n");
+ fprintf(f, "nsslapd-ldapiautobind: on\n");
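Review bot: The "on" values on the nsslapd-ldapilisten and nsslapd-ldapiautobind lines are written unconditionally, so every generated configuration gets an LDAPI listener with autobind enabled and nothing in these lines lets the installer leave either off. Given that the thread says the socket is created rw for owner, group and other, consider writing nsslapd-ldapiautobind as off by default, or taking both values from a field on cf. A comment next to the nsslapd-ldapifilepath line saying that access to the socket depends on the permissions of cf->run_dir would also help; that line also passes cf->run_dir and cf->servid to %s with no check visible here that they are set.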
But some clarification would be useful.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
http://samba.org
Samba Developer, Red Hat Inc.
http://redhat.com