When running directory server in a container it often will not run as root for security reasons. We also run under dirsrv for testing on some of the developer laptops.
We currently allow uid/gid 0 to map to cn=Directory Manager over ldapi, but it would be valuable if the uid/gid of the current running ns-slapd process also mapped to directory server for these environments.
sh-5.0$ ps aux | grep -i slapd dirsrv 40625 21.2 16.6 21475841196 672220 pts/0 Sl+ 11:48 0:03 /opt/dirsrv/sbin/ns-slapd -D /opt/dirsrv/etc/dirsrv/slapd-localhost -d 266354688 william 40668 0.0 0.0 3176 780 pts/1 S+ 11:48 0:00 grep -i slapd sh-5.0$ sudo -u dirsrv -s dirsrv@ldapkdc:/home/william/development> ldapwhoami -H ldapi://%2fdata%2frun%2fslapd-localhost.socket SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Inappropriate authentication (48) additional info: SASL EXTERNAL bind requires an SSL connection
Expected, this should map to cn=Directory Manager.
Metadata Update from @firstyear: - Custom field origin adjusted to None - Custom field reviewstatus adjusted to None - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/3632
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: fixed)
Login to comment on this ticket.