Aaron Richton richton@nbcs.rutgers.edu wrote:
> This is a concrete case of improvement: "slapd should not be silent on EACCES (or others)."
Well, it's not silent: it sends an error to the logs.
The oddity here is that there are two functionalities blended into the same program: the LDAP server and the slapd.conf to slapd.d converter. Moreover, it seems the latter cannot be used without launching the former.
The choice for that is obvious: the config parser is in slapd, so slapd is used for conversion. But it has drawbacks, since when one wants to perform the conversion, slapd will usually be already running. So you have to use -h so that you don't fail because the address is already in use, you have to use -u to run as the usual slapd UID so that you don't fail on reading the certificates, and so on. I'm not sure how this could be quickly explained in slapd(8).