From: Howard Chu Date: Thu, 23 Dec 2010 22:03:49 +0000 (+0000) Subject: ITS#6681 fix examples. Hopefully admins are smart enough to insert X-Git-Tag: MIGRATION_CVS2GIT~336 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=38d9e22b00cbf28648da453a610d23e534e1055b;p=openldap ITS#6681 fix examples. Hopefully admins are smart enough to insert the correct uid themselves. --- diff --git a/doc/guide/admin/appendix-common-errors.sdf b/doc/guide/admin/appendix-common-errors.sdf index 124853b5c0..9872917bce 100644 --- a/doc/guide/admin/appendix-common-errors.sdf +++ b/doc/guide/admin/appendix-common-errors.sdf @@ -532,7 +532,8 @@ beyond reach of intruders. That's why the default keytab file is owned by root and protected from being read by others. Do not mess with these permissions, build a different keytab -file for slapd instead. +file for slapd instead, and make sure it is owned by the user that slapd +runs as. To do this, start kadmin, and enter the following commands: @@ -541,7 +542,7 @@ To do this, start kadmin, and enter the following commands: Then, on the shell, do: -> chown ldap.ldap /etc/openldap/ldap.keytab +> chown ldap:ldap /etc/openldap/ldap.keytab > chmod 600 /etc/openldap/ldap.keytab Now you have to tell slapd (well, actually tell the gssapi library in Kerberos 5 @@ -636,9 +637,9 @@ values of . H3: ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed This seems to be related with wrong ownership of the BDB's dir (/var/lib/ldap) -and files. +and files. The files must be owned by the user that slapd runs as. -> chmod -R openldap:openldap /var/lib/ldap +> chown -R ldap:ldap /var/lib/ldap fixes it in Debian
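Review bot: In the first hunk (@@ -532,7 +532,8), the added sentence "make sure it is owned by the user that slapd runs as" states the requirement without the reason an admin needs to verify it. The commands that follow set the keytab to mode 600, so only the owner can read it, and slapd cannot open the file under any other owner. Suggest saying so in the sentence, for example "owned by the user that slapd runs as, because the file is made readable by its owner only".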
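Review bot: In the second hunk (@@ -541,7 +542,7), the corrected line "> chown ldap:ldap /etc/openldap/ldap.keytab" still hardcodes the account name ldap, while the text added in the first hunk says the owner must be whichever user slapd runs as, and the commit message leaves that substitution to the reader. Suggest one sentence next to the command saying that ldap:ldap is an example and must be replaced with the account and group slapd actually runs under. Otherwise a copied command can leave the mode 600 keytab unreadable to slapd.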
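Review bot: In the third hunk (@@ -636,9 +637,9), the replacement line "> chown -R ldap:ldap /var/lib/ldap" changes two things at once. It corrects chmod to chown, and it also changes the account from openldap:openldap to ldap:ldap, while the unchanged context line after it still reads "fixes it in Debian". The removed line suggests the Debian example used the openldap account, so the new command may no longer match the platform the text names. Suggest either keeping openldap:openldap for the Debian example or dropping "in Debian" and marking the account as a placeholder, in line with the added sentence "The files must be owned by the user that slapd runs as."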