pedrorandrade@gmail.com wrote:

One workaround is issuing 'sudo -u openldap slapadd ...' to avoid chown'ing afterwards.

What you call a workaround is actually The Right Thing (TM). There is no way to setuid() tools simply because there's no need to, as they can be run with the right identity. The only reason slapd can be setuid() is that it needs to start as root in order to bind to port 389, and **then** setuid() before doing anything else. Running programs as the correct user is normal UNIX administration - or should OpenLDAP also document ls, rm, ...?

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------