Date: 11-04-2022

By default, the slapd process will run as the root user and listen on ldap:/// and ldapi:///

To change these settings requires making a systemd override file. Use a text editor to create the symas-openldap override file /etc/default/symas-openldap. 

Options that can be overridden:

• SLAPD_URLS - URLS to listen on
• SLAPD_OPTIONS - Additional options to pass to slapd, including user and group

Add the following:

SLAPD_URLS="ldap:/// ldaps:///"
SLAPD_OPTIONS="-u root -g root"

The example above enables the default ports for ldap (389) and ldaps (636). It ensures that the slapd process will run under the system's ‘root’ user/group authority.

Save the recently created file, and set permissions on the file for read/write (owner), read (everyone else):

chmod 644 /etc/default/symas-openldap

Restart slapd:

sudo systemctl restart slapd

If you need to specify a port or change the user and group slapd runs as, make the following adjustment.

SLAPD_URLS="ldap://:1389/ ldaps://:1636/ ldapi:///" 
SLAPD_OPTIONS="-u ldap -g ldap"

In the example above, ldap is set to use port 1389 and ldaps is set to use port 1636. You may adjust the port as needed. The slapd process will now run with ‘ldap’ user/group authority.