Re: slapd access to private key owned by root
Hello,
On Sun, Mar 05, 2023 at 09:08:57AM +0800, jeremy ardley wrote:
> The problem is when I try and configure private keys for ldap TLS the
> permissions are checked and if it's not owned by openldap and permissions
> 400 or 600 the configuration fails.
>
> Is there a known solution to this problem?
My TLS key file is owned by the openldap user.
If for some reason you need it to not be owned by that user (why?) then
I expect you could either:
- use group readability (i.e. make a group just for this, put openldap
user in that group and set the key file group readable)
- use POSIX file acl so that openldap user can read TLS key file
regardless of file permissions
https://www.server-world.info/en/note?os=Debian_11&p=acl
I've not tried it for this specific case but I use it so that Exim
can read its TLS key in the same way, and that works fine.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
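The two options listed in the message above, written out as shell functions with a check that the key does not end up readable by everyone. This is an added example, not part of the original post; the group name `ldapkey` and the key path in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example: two ways to let a service account read a TLS key it does not own.
# Hypothetical names: group "ldapkey", path /etc/ldap/tls/slapd.key.
# "openldap" is the service user named in the thread.

# Option 1: dedicated group. Owner is untouched; group gets read-only (mode 640).
grant_group_read() {    # usage: grant_group_read KEYFILE GROUP
    chgrp "$2" "$1" && chmod 640 "$1"
}

# Option 2: POSIX ACL entry for a single user; owner and group stay as they are.
# A later chmod that clears the group bits also shrinks the ACL mask and can
# silently disable this entry, so re-check with getfacl after permission changes.
grant_acl_read() {      # usage: grant_acl_read KEYFILE USER
    setfacl -m "u:$2:r" "$1"
}

# Exit 0 if "other" has any permission bit on the key (the key is exposed).
key_exposed_to_other() {    # usage: key_exposed_to_other KEYFILE
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Exit 0 if USER can really read KEYFILE. Must be run as root (uses runuser).
user_can_read() {       # usage: user_can_read KEYFILE USER
    runuser -u "$2" -- test -r "$1"
}

# Typical use as root (hypothetical group and path):
#   groupadd --system ldapkey && usermod -aG ldapkey openldap
#   grant_group_read /etc/ldap/tls/slapd.key ldapkey
# or:
#   grant_acl_read /etc/ldap/tls/slapd.key openldap
# then:
#   key_exposed_to_other /etc/ldap/tls/slapd.key && echo "key is too open"
#   user_can_read /etc/ldap/tls/slapd.key openldap || echo "openldap cannot read key"
# New group membership only applies to processes started afterwards,
# so restart the service after adding the user to the group.
```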