authorKai Wohlfahrt <kai.wohlfahrt@gmail.com>2022-06-05 00:52:54 +0100
committerJörg Thalheim <joerg@thalheim.io>2022-06-29 19:59:29 +0200
commitfd7d901133f9fbfc893cdb33f7d630846bb21f9c (patch)
treeee1d9cd08070f49c53e473b2315f45fedf6f39c4 /nixos/tests/openldap.nix
parent38ead944cee78c8ee5543067b3ec839bbb36eed6 (diff)
openldap: run under systemd-defined user/group
This improves security, by starting the service as an unprivileged user,
rather than starting as root and relying on the service to drop
privileges. This requires a significant cleanup of pre-init scripts, to
make use of StateDirectory and RuntimeDirectory for permissions.
Diffstat (limited to 'nixos/tests/openldap.nix')
-rw-r--r--nixos/tests/openldap.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/tests/openldap.nix b/nixos/tests/openldap.nix
index 13afe166b9bf1..43d5e0d4a1a2e 100644
--- a/nixos/tests/openldap.nix
+++ b/nixos/tests/openldap.nix
@@ -43,7 +43,7 @@ in {
               attrs = {
                 objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
                 olcDatabase = "{1}mdb";
-                olcDbDirectory = "/var/db/openldap";
+                olcDbDirectory = "/var/lib/openldap/db";
                 olcSuffix = "dc=example";
                 olcRootDN = {
                   # cn=root,dc=example
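Review bot: The new `olcDbDirectory` value is a hard-coded path that only works if it lies inside the directory systemd creates for the unprivileged service user, and nothing at this line says so. Going by the commit message, `/var/lib/openldap` is presumably the unit's StateDirectory; a comment above the assignment such as `# must live under the service's StateDirectory so the unprivileged slapd user can write to it` would keep that coupling visible. The test script is outside this hunk, so it is not visible whether it asserts that slapd runs as a non-root user; if it does not, that check would pin the property this commit exists for. The enclosing `attrs` set starts and ends outside the hunk.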