From Fedora Directory Server
How to change the uid starting and running the directory server
Tested with:
redhat-ds-7.1SP3-5.RHEL4.rpm on RHEL4U5
fedora-ds-1.0.4-1.Linux on FC6
Stop the server:
<server-root>/slapd-<instance-name>/stop-slapd
Change your key and cert file ownerships:
chown <some-uid>:<some-group> /<server-root>/alias/slapd-<instance-name>-*
ls -l <server-root>/alias/slapd-<instance-name>-*
-rw------- 1 <some-uid> <some-gid> 65536 Jul 20 08:35 <server-root>/alias/slapd-<instance-name>-cert8.db
-rw------- 1 <some-uid> <some-gid> 16384 Jul 20 08:35 <server-root>/alias/slapd-<instance-name>-key3.db
Save or back up your <server-root>/slapd-<instance-name> and alias directories
Change the ownership of all data and configuration files (the paths below are relative to <server-root>/slapd-<instance-name>):
ls -laR bak changelogdb confbak config db dsml ldif locks logs |less
chown -R <some-uid>:<some-gid> bak changelogdb confbak config db dsml ldif locks logs
Edit dse.ldif and update nsslapd-localuser to the user you want to run as:
vi config/dse.ldif
# nsslapd-localuser: nobody
nsslapd-localuser: <some-uid>
Restart the server:
tail -f <server-root>/slapd-<instance-name>/logs/errors &
<server-root>/slapd-<instance-name>/start-slapd
Fedora-Directory/1.0.4 B2006.312.1539
<some-fqdm-hostname>:389 (<server-root>/slapd-<instance-name>)
[01/Aug/2007:15:37:08 -0700] - Fedora-Directory/1.0.4 B2006.312.1539 starting up
[01/Aug/2007:15:37:08 -0700] - slapd started. Listening on All Interfaces port 389 for LDAP requests
Verification:
lsof -i :389
COMMAND   PID  USER       FD  TYPE DEVICE SIZE NODE NAME
ns-slapd  5926 <some-uid> 6u  IPv4 19962       TCP  *:ldap (LISTEN)
export LD_LIBRARY_PATH=/opt/redhat-ds/shared/lib/
/opt/redhat-ds/shared/bin/ldapsearch -b
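A check to run before restarting, as an added example that is not part of the original page: it reads nsslapd-localuser from dse.ldif and lists any instance or alias file still owned by a different account. The function names and arguments are hypothetical; the directory list is the one from the chown step above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Usage after sourcing: audit_instance <server-root> <instance-name>

# Print the active nsslapd-localuser value from a dse.ldif file.
# Commented-out lines such as "# nsslapd-localuser: nobody" do not match.
get_localuser() {
    sed -n 's/^nsslapd-localuser:[[:space:]]*//p' "$1" | head -n 1
}

# Print every file not owned by user $3 in the instance directories that the
# chown step covers, plus the instance's key and cert databases in alias/.
# $1 = server root, $2 = instance name, $3 = expected user name or numeric uid
# Returns 4 if find itself fails (for example, the user name is unknown).
list_wrong_owner() {
    inst="$1/slapd-$2"
    for d in bak changelogdb confbak config db dsml ldif locks logs; do
        if [ -d "$inst/$d" ]; then
            find "$inst/$d" ! -user "$3" -print || return 4
        fi
    done
    find "$1/alias" -name "slapd-$2-*" ! -user "$3" -print || return 4
}

# Exit status: 0 = consistent, 1 = stray ownership, 2 = no localuser set,
# 3 = localuser is the name "root" (numeric uids are not resolved here),
# 4 = ownership could not be checked.
audit_instance() {
    user=$(get_localuser "$1/slapd-$2/config/dse.ldif")
    if [ -z "$user" ]; then
        echo "nsslapd-localuser is not set" >&2
        return 2
    fi
    if [ "$user" = root ]; then
        echo "nsslapd-localuser is root" >&2
        return 3
    fi
    bad=$(list_wrong_owner "$1" "$2" "$user") || {
        echo "could not check ownership for $user" >&2
        return 4
    }
    if [ -n "$bad" ]; then
        printf 'not owned by %s:\n%s\n' "$user" "$bad" >&2
        return 1
    fi
    echo "OK: all instance files are owned by $user"
}
```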
