Howard Chu <[EMAIL PROTECTED]> writes:
> Ben Wailea, openldap-software wrote:

>> msgs crossed in the mail, but seems to be the case.

>> again, any issues/problems running openldap as ldap:root, or root:root?
>> or is it 'better' to just make copies of the certs, chown the copies to
>> ldap:ldap, and live with multiple instances?

> Personally I would put ldap and apache into a group and make the key
> readable to that specific group.

Debian, for example, handles cert management by creating an ssl-cert group and making private keys of certs in /etc/ssl/certs readable by that group by default, so you can then add the system users for any software that needs to read private SSL keys to the ssl-cert group.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
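
A check for the shared-group key layout discussed in this thread, as an added example that is not part of any of the original messages: it reports whether a key file is owned by the expected group, readable by that group only, and closed to other users, and which service accounts are not yet in the group. The function names are hypothetical, the account names `ldap` and `apache` are assumptions taken from the wording of the thread, and the sample file is a constructed empty stand-in.

```python
import grp
import os
import pwd
import stat
import tempfile


def check_key_file(path, expected_gid):
    """Return findings for a private key meant to be readable via one group."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_gid != expected_gid:
        findings.append("wrong-group")
    if mode & stat.S_IRWXO:                    # any access for "other"
        findings.append("world-accessible")
    if not mode & stat.S_IRGRP:                # services could not read it
        findings.append("group-cannot-read")
    if mode & (stat.S_IWGRP | stat.S_IXGRP):   # group needs read only
        findings.append("group-write-or-exec")
    return findings


def users_outside_group(group_name, users):
    """Return users for whom group_name is neither primary nor supplementary."""
    try:
        group = grp.getgrnam(group_name)
    except KeyError:
        return list(users)                     # group missing: nobody is in it
    outside = []
    for user in users:
        try:
            primary_gid = pwd.getpwnam(user).pw_gid
        except KeyError:
            outside.append(user)               # unknown account
            continue
        if primary_gid != group.gr_gid and user not in group.gr_mem:
            outside.append(user)
    return outside


if __name__ == "__main__":
    # Constructed sample: an empty stand-in file, not a real key.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "example.key")
        open(key, "w").close()
        os.chmod(key, 0o644)
        print("0644:", check_key_file(key, os.stat(key).st_gid))
        os.chmod(key, 0o640)
        print("0640:", check_key_file(key, os.stat(key).st_gid))
    # Account names are assumptions; substitute the ones your system uses.
    print(users_outside_group("ssl-cert", ["ldap", "apache"]))
```

On a real host, pass the key's path and `grp.getgrnam("ssl-cert").gr_gid` to `check_key_file`; an empty list means the file matches the group-readable layout.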