Date: Thu, 24 Feb 2000 23:37:39 +1100
From: "Lachlan O'Dea" <lodea@vet.com.au>
To: Roman Shterenzon <roman@xpert.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: LDAP -- offtopic
Message-ID: <20000224233738.F19606@vet.com.au>
In-Reply-To: <Pine.GSO.4.21.0002241102420.25545-100000@sun262.hai.iec.co.il>; from roman@xpert.com on Thu, Feb 24, 2000 at 11:06:24AM +0200
References: <Pine.GSO.4.21.0002241102420.25545-100000@sun262.hai.iec.co.il>

On Thu, Feb 24, 2000 at 11:06:24AM +0200, Roman Shterenzon wrote:
> Hello,
> This is way offtopic question, but perhaps someone could help me;
>
> Is it possible to run OpenLDAP as unprivileged user? e.g. nobody.
> Since it needs 389 port, it's needed to be started as root, but I was
> unable to find any configuration parameters to specify seteuid() afterwards.
> It's possible to do that with ipnat, but I would prefer straightforward
> solution.

I believe slapd will always run under the uid it was started with. Unless
you are able to use a port > 1023, I think you're stuck with running it as
root.

You might get a better answer from the openldap-software list (see
www.openldap.org).

The current release of OpenLDAP is from a very stable code branch. I don't
think you have much to worry about from a security point of view. Lots of
folks run public slapd servers.

-- 
Lachlan O'Dea <mailto:lodea@vet.com.au> Computer Associates Pty Ltd
Webmaster Vet - Anti-Virus Software
http://www.vet.com.au/

"Our species needs, and deserves, a citizenry with minds wide awake and a
basic understanding of how the world works." - Carl Sagan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000224233738.F19606>