8 Dec
2017
8 Dec
'17
3:35 a.m.
akram.benaissi@gmail.com wrote:
Full_Name: Akram Ben Aissi Version: 1.1.10 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (77.154.204.242)
Hi,
We want to run OpenLDAP in containers without root privilege, nor root user id. Actually, we start it with user uid=100000009, gid=0 And we do proper chgrp 0 and chmod 0770 on require directories.
Because of this: https://github.com/winlibs/openldap/blob/master/servers/slapd/user.c#L158
we have that: Could not set real user id to 100000009
It would be better to check that setuid is required only if asked user is different from actual user.
Does it make sense ?
No. Just start slapd without specifying a userID.
Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2325
Age (days ago)
2325
Last active (days ago)
0 comments
1 participants
participants (1)
-
hyc@symas.com