--On Monday, October 23, 2006 6:48 PM +0200 Thorsten Schmidt <[EMAIL PROTECTED]> wrote:
Package: slapd Version: 2.3.27-1 Severity: Important Hello, I noticed that I (slapd? slapindex?) created some index files owned by root by accident after introducing new index-directives for samba in slapd.conf However, even if I've done terrible wrong by running slapindex as root, I strongly recommend showing a warning message if slapindex is up to produce an inconsistent database (database, that openldap is unable to read by debian defaults). Btw. I've set serverity: important, since inconsitent LDAP-DBs might cause system to fail as a whole. Feel free to set it to wishlist.
Well, the problem definitely stems from running slapindex as root, rather than as the openldap user. There is nothing actually wrong with the database that was created, simply fixing the permissions afterward should resolve any issues. If it is not already in the debian documentation, I would agree that it needs to be strongly advised that if one intends to use the slap* tools, then they need to do it as the same user as OpenLDAP is running as, or otherwise they'll run into these types of permissions issues. This really isn't that different from any number of other applications that run as their own user.
As a side note, I see that Debian has the BDB log files created in the same directory as the database. For optimal performance, such logs should be created on a separate disk or spindle. I'd imagine this should probably be documented as well. I generally store them in /var/log/bdb/, with /var/lib/ldap on its own disk.
--Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
