slapd access to private key owned by root
I think the problem is probably unsolvable but I thought I'd ask.
I understand slapd starts as user root and reads config etc and then
changes to user openldap.
This means that it could potentially read a private key owned by root
during startup?
The problem is when I try and configure private keys for LDAP TLS, the
permissions are checked and if it's not owned by openldap and
permissions 400 or 600 the configuration fails.
Is there a known solution to this problem?
My config:
apt show slapd ldap-utils
Package: slapd
Version: 2.4.57+dfsg-3+deb11u1
Package: ldap-utils
Version: 2.4.57+dfsg-3+deb11u1
Jeremy