On 10/20/21 09:43, Bastian Tweddell wrote:
> On 19Oct21 18:17+0200, Michael Ströder wrote:
>> Find below ae-slapd.service generated by Æ-DIR's ansible role.
>>
>> PIDFile=/run/ae-dir/slapd/slapd.pid
>
> still need a pidfile?

Probably not.
(I'm also following the current discussion on systemd-devel list.)

>> ExecStart=/usr/lib64/slapd -d none -n ae-slapd -l LOCAL4 -s 7 -f /opt/ae-dir/etc/openldap/slapd.conf -h 'ldapi://%%2Frun%%2Fae-dir%%2Fslapd%%2Fldapi/????x-mod=0777 ldap://*:389 ldaps://*:636' -o slp=off
>
> listening plaintext on all interfaces might be discouraged.

But using StartTLS has to be possible. Æ-DIR does not allow any clear-text connections because slapd.conf contains:

security ssf=128

>> LimitNOFILE=96
>
> this could be too low, depending on use case. it limits nr of incoming connections.

Yes, a deliberately low test value, see my other answer.
Ciao, Michael.
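
The three points discussed in this mail (a cleartext `ldap://` listener, the `security ssf=128` directive that makes it acceptable, and the `LimitNOFILE` value) can be checked mechanically. The following is an added example, not part of the original mail or of Æ-DIR's ansible role; the function names and the `min_nofile` threshold are assumptions, and the sample input is constructed from the lines quoted above.

```python
import re
import shlex

# Constructed sample input: the unit and slapd.conf lines quoted in the mail.
UNIT = """[Service]
ExecStart=/usr/lib64/slapd -d none -n ae-slapd -l LOCAL4 -s 7 -f /opt/ae-dir/etc/openldap/slapd.conf -h 'ldapi://%%2Frun%%2Fae-dir%%2Fslapd%%2Fldapi/????x-mod=0777 ldap://*:389 ldaps://*:636' -o slp=off
LimitNOFILE=96
"""
SLAPD_CONF = "security ssf=128\n"

def unit_value(unit_text, key):
    """Return the last value assigned to key in a unit file, or None."""
    hits = re.findall(rf"^{re.escape(key)}=(.*)$", unit_text, re.M)
    return hits[-1].strip() if hits else None

def listener_schemes(exec_start):
    """Return the URL schemes slapd is told to listen on via -h."""
    argv = shlex.split(exec_start.replace("%%", "%"))  # systemd escapes % as %%
    urls = argv[argv.index("-h") + 1].split()
    return [url.split("://", 1)[0] for url in urls]

def global_min_ssf(conf_text):
    """Return ssf=<n> from the global 'security' directive, 0 if not set."""
    ssf = 0
    for line in conf_text.splitlines():
        words = line.split()
        if words and words[0].lower() == "database":  # global section ends here
            break
        if words and words[0].lower() == "security":
            match = re.search(r"\bssf=(\d+)", line)
            ssf = int(match.group(1)) if match else ssf
    return ssf

def audit(unit_text, conf_text, min_nofile=1024):  # min_nofile: assumed threshold
    schemes = listener_schemes(unit_value(unit_text, "ExecStart"))
    ssf = global_min_ssf(conf_text)
    nofile = int(unit_value(unit_text, "LimitNOFILE") or 0)
    return {
        "cleartext_listener": "ldap" in schemes,
        "min_ssf": ssf,
        # A plain ldap:// session has SSF 0 until StartTLS succeeds.
        "cleartext_ops_refused": ssf > 0,
        "nofile": nofile,
        "nofile_below_threshold": nofile < min_nofile,
    }
```

The check reads only the global section of slapd.conf; per-database `security` directives are not evaluated.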