I have some installations of Fedora Directory Server (FDS) running as the user
nobody. It is generally preferred that services like FDS run under a dedicated user and certainly not the
nobody account. The user is configured during an initial scripted interactive setup but I wanted to change the user for the existing installations. I could not find a how-to for doing this (though did not look very hard) so I did a new installation on a beater box and during setup configured it to run as user
ldapperuser and group
ldappergroup. I used this installation to experiment with reconfiguring the user.
I shutdown the slapd service and changed ownership of the files owned by
find /opt/fedora-ds -user ldapperuser | xargs chown ldap find /opt/fedora-ds -group ldappergroup | xargs chgrp ldap
By grep’ing for the silly user and group names I found these text files needed to be edited to change the user and/or group.
/opt/fedora-ds/admin-serv/config/console.conf /opt/fedora-ds/shared/config/ssusers.conf /opt/fedora-ds/slapd-pepper/config/dse.ldif
I restarted the slapd process and confirmed in a process list that it was running as the new user.
Finally, I exported the entire directory to an ldif file and grep’ed it for the user and group names. There I found that I needed to change the
nsSuiteSpotUser attribute in
"cn=slapd-pepper, cn=Fedora Directory Server, cn=Server Group, cn=pepper.crashingdaily.com, ou=crashingdaily.com, o=NetscapeRoot"
I made this change to
nsSuiteSpotUser via the Admin console.
There may very well be an official way to change the user for an installed FDS but this brute force method is simple enough.