Note that the directory containing the replogfile as well as

the slurpd temporary directory should have limited read/write/execute access.
2025-12-30 11:39:34 -05:00 · 2000-10-16 22:19:29 +00:00 · 2000-10-16 22:19:29 +00:00 · 282b192474
commit 282b192474
parent 1fb923e6e2
2 changed files with 7 additions and 2 deletions
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@ -536,7 +536,9 @@ and read by
 .BR slurpd (8).
 See
 .BR slapd.replog (5)
-for more information.
+for more information.  The specified file should be located
+in a directory with limited read/write/execute access as the replication
+logs may contain sensitive information.
 .TP
 .B rootdn <dn>
 Specify the distinguished name that is not subject to access control 
--- a/doc/man/man8/slurpd.8
+++ b/doc/man/man8/slurpd.8
@ -82,7 +82,8 @@ Specifies the name of the
 replication logfile.  Normally, the name
 of the replication log file is read from the 
 .B slapd
-configuration file.
+configuration file.  The file should be located in a directory
+with limited read/write/execute access.
 The
 .B \-r
 option allows you to override this.  In conjunction with the
@ -107,6 +108,8 @@ processes a replication log and exits.
 .BI \-t " temp\-dir"
 .B slurpd
 copies the replication log to a working directory before processing it.
+The directory permissions should limit read/write/execute access as
+temporary files may contain sensitive information.
 This option allows you to specify the location of these temporary files. 
 The default is
 .BR LOCALSTATEDIR/openldap-slurp .