[Fedora-directory-devel] Please Review: Add LDAPI (LDAP over unix domain sockets)

Andrew Bartlett abartlet at samba.org
Fri Feb 23 05:55:52 UTC 2007


On Mon, 2007-02-19 at 14:08 -0800, Pete Rowley wrote:
> This is a feature that exists in OpenLDAP (but has no RFC that I am aware of).
> Heimdal uses this feature exclusively for its directory interactions (making it
> incompatible with other LDAP directories), and Samba testing is often performed
> over unix domain sockets (a convenience for them). There are advantages: no TCP
> overhead for local connections, the ability to test for the OS level user
> credentials, and AFAIK, an unsniffable transport without additional
> requirements. On that last point, I welcome arguments to the contrary.
> 
> The socket file is created as var/run/fedora-ds/slapd-<instance>.socket by
> default, but this can be modified in configuration. I'm actually not sure where
> the best place to put this is since access control along the path to the socket
> matters. The socket itself is chmodded to give rw to owner, groups, and other by
> the server upon creation.

How do I change this location?  What are the configuration parameters?

It seems to be:
+    fprintf(f, "nsslapd-ldapifilepath: %s/%s-%s.socket\n", cf->run_dir,
PRODUCT_NAME, cf->servid);
+    fprintf(f, "nsslapd-ldapilisten: on\n");
+    fprintf(f, "nsslapd-ldapiautobind: on\n");
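
Review bot: the second and third fprintf lines write "nsslapd-ldapilisten: on" and "nsslapd-ldapiautobind: on" into the generated configuration as fixed strings, so as shown here a new instance gets the LDAPI listener and autobind enabled with no install-time choice. Given that the socket is described above as rw for owner, group and other, I would default autobind to off or make both values installer options. The attribute names alone do not say what autobind maps a connecting OS user to, so each nsslapd-ldapi* attribute needs a documentation entry, including how nsslapd-ldapifilepath is changed after install. The path built from cf->run_dir in the first fprintf should also be created with directory permissions that are stated somewhere, since the thread already notes that access control along the path matters.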

But some clarification would be useful.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
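
The OS-level credential test and the socket-path concern from the quoted message, as an added example that is not part of the original thread or the patch. It assumes Linux and SO_PEERCRED (the mechanism the patch itself uses is not shown on this page); the socket name and the helper names are constructed.

```python
import os, socket, stat, struct, tempfile

def path_audit(sock_path):
    """Directories above sock_path that any user can write to without the
    sticky bit; there the socket entry can be renamed or replaced by others."""
    findings = []
    d = os.path.dirname(os.path.abspath(sock_path))
    while True:
        mode = os.stat(d).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append(d)
        parent = os.path.dirname(d)
        if parent == d:          # reached the filesystem root
            return findings
        d = parent

def peer_credentials(conn):
    """Kernel-reported (pid, uid, gid) of the peer on a connected AF_UNIX socket."""
    fmt = "iII"                  # struct ucred: pid_t, uid_t, gid_t
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(fmt))
    return struct.unpack(fmt, raw)

def demo():
    base = tempfile.mkdtemp()    # mkdtemp creates the directory 0700
    sock_path = os.path.join(base, "slapd-example.socket")  # constructed name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o666)   # rw for owner, group, other, as described
    srv.listen(1)
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli.connect(sock_path)
    conn, _ = srv.accept()
    pid, uid, gid = peer_credentials(conn)
    result = {"base": base, "pid": pid, "uid": uid, "gid": gid,
              "sock_mode": stat.S_IMODE(os.stat(sock_path).st_mode),
              "private": path_audit(sock_path)}
    os.chmod(base, 0o777)        # loosen the parent directory, audit again
    result["exposed"] = path_audit(sock_path)
    for s in (conn, cli, srv):
        s.close()
    os.unlink(sock_path)
    os.rmdir(base)
    return result

if __name__ == "__main__":
    print(demo())
```

With the socket itself at 0666, the directory permissions reported by path_audit are what decide which local users can reach or replace it, and the uid from peer_credentials is what a server would have available to map a local connection to an identity.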