2008/507 [OpenLDAP for OpenSolaris]
Glenn Skinner
glenn.skinner at sun.com
Thu Aug 7 15:16:39 PDT 2008
Date: Wed, 06 Aug 2008 22:02:05 -0700 (PDT)
From: Nicolas Williams <nw141292 at sac.sfbay.sun.com>
Subject: OpenLDAP for OpenSolaris [PSARC/2008/507 FastTrack
timeout 07/13/2008]
...
2.5 SMF Manifest and Runtime behavior
This project proposes to provide a SMF manifest, disabled by
default, for the OpenLDAP slapd server. The slapd server has
the ability to change its user and group and run as a
non-privileged user after binding listener sockets to the
privileged LDAP port(s). Generally slapd is run as user
openldap and group openldap. The SMF manifest will start
slapd as root and with privileges but configured to become
openldap:openldap; slapd will retain basic privileges.
This project proposes to update the following databases to
provide the necessary dummy openldap user and group
entries:
Database       Entry
--------       -----
/etc/passwd    openldap:x:75:75:OpenLDAP User:/:
/etc/shadow    openldap:*LK*:::::::
/etc/group     openldap::75:
Is it really necessary to allocate another user:group pair from our
dwindling stock of reserved values? Would it be possible to share one
of the already allocated entries from the reserved part of the name
space?
-- Glenn