On Fri, Sep 11, 2009 at 2:27 AM, Howard Chu <hyc(a)symas.com> wrote:
Asimananda Mohanty wrote:
> I just changed the permission level of /etc/sasldb2 from 640 to 644 and
> the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
> uid=asimananda" started working fine.
Generally that's a bad idea, since it exposes all of your SASL passwords to
anyone who can access that machine or filesystem. Instead you should just
make sure that slapd is running as a user that belongs to the same group as
the sasldb file, or is the owner of the file.
The default group of /etc/sasldb2 should be sasl. Thus adding the
openldap user to the sasl group should fix the problem without having
to change permissions:
$ adduser openldap sasl
Ubuntu Developer http://www.ubuntu.com