ITS#6681 fix examples. Hopefully admins are smart enough to insert the correct uid themselves.
Howard Chu 2010-12-23 22:03:49 +00:00
parent 56888eac30
commit 38d9e22b00

@ -532,7 +532,8 @@ beyond reach of intruders.
That's why the default keytab file is owned by root and protected from being
read by others. Do not mess with these permissions, build a different keytab
file for slapd instead.
file for slapd instead, and make sure it is owned by the user that slapd
runs as.
To do this, start kadmin, and enter the following commands:
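Review bot: The added sentence about the slapd keytab covers ownership only, while the lines just above it justify the default keytab's protection by it being unreadable to others. Suggest stating both requirements together, for example "owned by the user that slapd runs as, and not readable by anyone else", so the prose matches the chmod 600 step that follows the kadmin commands.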
@ -541,7 +542,7 @@ To do this, start kadmin, and enter the following commands:
Then, on the shell, do:
> chown ldap.ldap /etc/openldap/ldap.keytab
> chown ldap:ldap /etc/openldap/ldap.keytab
> chmod 600 /etc/openldap/ldap.keytab
Now you have to tell slapd (well, actually tell the gssapi library in Kerberos 5
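Review bot: The corrected line "chown ldap:ldap /etc/openldap/ldap.keytab" still hard-codes the account and group name, and nothing next to the command says it is an example value. Since the text now requires the file to be owned by the user that slapd runs as, suggest a short remark beside the command telling the reader to substitute that user and group, so a copy-paste on a system with a different account name does not leave the keytab owned by the wrong user or fail outright.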
@ -636,9 +637,9 @@ values of <n>.
H3: ldap_*: Internal (implementation specific) error (80) - additional info: entry index delete failed
This seems to be related with wrong ownership of the BDB's dir (/var/lib/ldap)
and files.
and files. The files must be owned by the user that slapd runs as.
> chmod -R openldap:openldap /var/lib/ldap
> chown -R ldap:ldap /var/lib/ldap
fixes it in Debian
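Review bot: The replacement command uses ldap:ldap, but the unchanged trailing line still reads "fixes it in Debian", and the line being replaced used openldap:openldap for that same Debian case. Replacing chmod with chown is right, but either keep openldap:openldap for the Debian example or drop the "in Debian" wording and say the owner must be whatever user slapd runs as, which the new sentence above the command already states.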