From owner-freebsd-questions  Thu Feb 24  4:38: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from rivendell.mel.vet.com.au (rivendell.mel.vet.com.au [203.103.154.61])
	by hub.freebsd.org (Postfix) with ESMTP id 6B7D937BCA6
	for <freebsd-questions@FreeBSD.ORG>; Thu, 24 Feb 2000 04:38:01 -0800 (PST)
	(envelope-from lodea@vet.com.au)
Received: (from lodea@localhost)
	by rivendell.mel.vet.com.au (8.9.3/8.9.3) id XAA20310;
	Thu, 24 Feb 2000 23:37:39 +1100 (EST)
Date: Thu, 24 Feb 2000 23:37:39 +1100
From: "Lachlan O'Dea" <lodea@vet.com.au>
To: Roman Shterenzon <roman@xpert.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: LDAP -- offtopic
Message-ID: <20000224233738.F19606@vet.com.au>
Mail-Followup-To: Roman Shterenzon <roman@xpert.com>,
	freebsd-questions@FreeBSD.ORG
References: <Pine.GSO.4.21.0002241102420.25545-100000@sun262.hai.iec.co.il>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.4i
In-Reply-To: <Pine.GSO.4.21.0002241102420.25545-100000@sun262.hai.iec.co.il>; from roman@xpert.com on Thu, Feb 24, 2000 at 11:06:24AM +0200
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Feb 24, 2000 at 11:06:24AM +0200, Roman Shterenzon wrote:
> Hello,
> This is way offtopic question, but perhaps someone could help me;
> 
> Is it possible to run OpenLDAP as unpriviledged user? e.g. nobody.
> Since it needs 389 port, it's needed to be started as root, but I was
> unable to find any configuration parameters to specify seteuid() afterwards.
> It's possbile to do that with ipnat, but I would prefer straight forward
> solution.

I believe slapd will always run under the uid it was started
with. Unless you are able to use a port > 1023, I think you're stuck
with running it as root. You might get a better answer from the
openldap-software list (see www.openldap.org).

The current release of OpenLDAP is from a very stable code branch. I
don't think you have much to worry about from a security point of
view. Lots of folks run public slapd servers.

-- 
Lachlan O'Dea <mailto:lodea@vet.com.au>   Computer Associates Pty Ltd
Webmaster                                   Vet - Anti-Virus Software
http://www.vet.com.au/

"Our species needs, and deserves, a citizenry with minds
wide awake and a basic understanding of how the world works."
- Carl Sagan



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message