Howard Chu <hyc@symas.com> writes:
Ben Wailea, openldap-software wrote:
Msgs crossed in the mail, but seems to be the case.
Again, any issues/problems running openldap as ldap:root, or root:root?
Or is it 'better' to just make copies of the certs, chown the copies to ldap:ldap, and live with multiple instances?
Personally I would put ldap and apache into a group and make the key readable to that specific group.
Debian, for example, handles cert management by creating an ssl-cert group and making private keys of certs in /etc/ssl/certs readable by that group by default, so you can then add the system users for any software that needs to read private SSL keys to the ssl-cert group.
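
A check for the group-shared key arrangement suggested above, as an added example that is not part of the original thread. It assumes the key should be readable by exactly one shared group (mode 0640); the function names and the temporary stand-in file are constructed for illustration.

```python
import grp
import os
import stat
import tempfile


def group_name(gid):
    """Resolve a gid to its name, falling back to the number if unmapped."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_key(path, expected_group):
    """Return findings for a private key meant to be readable by one group."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IRWXO:
        findings.append("accessible to users outside the group")
    if mode & (stat.S_IWGRP | stat.S_IXGRP):
        findings.append("group has more than read access")
    if not mode & stat.S_IRGRP:
        findings.append("group cannot read the key")
    actual = group_name(st.st_gid)
    if actual != expected_group:
        findings.append(f"group is {actual}, expected {expected_group}")
    return findings


def demo():
    """Audit a constructed stand-in key file under several modes."""
    results = {}
    with tempfile.NamedTemporaryFile() as key:  # constructed sample, not a real key
        shared = group_name(os.stat(key.name).st_gid)
        for mode in (0o640, 0o644, 0o600):
            os.chmod(key.name, mode)
            results[mode] = audit_key(key.name, shared)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(oct(mode), findings or "ok")
```

An empty list means the key matches the shared-group layout; membership of the group itself (who ends up able to read the key) still needs to be reviewed separately.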