author | Kai Wohlfahrt <kai.wohlfahrt@gmail.com> | 2022-06-05 00:52:54 +0100 |
---|---|---|
committer | Jörg Thalheim <joerg@thalheim.io> | 2022-06-29 19:59:29 +0200 |
commit | fd7d901133f9fbfc893cdb33f7d630846bb21f9c (patch) | |
tree | ee1d9cd08070f49c53e473b2315f45fedf6f39c4 /nixos/tests/openldap.nix | |
parent | 38ead944cee78c8ee5543067b3ec839bbb36eed6 (diff) |
openldap: run under systemd-defined user/group
This improves security by starting the service as an unprivileged user, rather than starting as root and relying on the service to drop privileges. This requires a significant cleanup of pre-init scripts, to make use of StateDirectory and RuntimeDirectory for permissions.
Diffstat (limited to 'nixos/tests/openldap.nix')
-rw-r--r-- | nixos/tests/openldap.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index 13afe166b9bf1..43d5e0d4a1a2e 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -43,7 +43,7 @@ in {
 attrs = {
 objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
 olcDatabase = "{1}mdb";
- olcDbDirectory = "/var/db/openldap";
+ olcDbDirectory = "/var/lib/openldap/db";
 olcSuffix = "dc=example";
 olcRootDN = {
 # cn=root,dc=example |
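Review bot: The new `olcDbDirectory = "/var/lib/openldap/db";` line hard-codes a path that presumably only works while it sits under the StateDirectory the module assigns to the unit, and nothing in the hunk states that coupling. A short comment above it, e.g. `# must be inside the service's StateDirectory so the unprivileged slapd user can write to it`, would keep a later edit from moving the database back to a root-owned location such as the old `/var/db/openldap`. The StateDirectory value itself is not visible on this page (the diff is limited to the test file), so confirm the prefix against the module. Since the commit's stated goal is to start the daemon without root, the test script, which lies outside this hunk, would be the place to assert the owner and mode of this directory if it does not already do so. The `attrs` set and `olcRootDN` continue past the end of the hunk.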