Comment # 12 on bug 1121298 from William Brown

(In reply to Eric Schirra from comment #11)
> I have now done a little research.
> You can start multiple instances of the 389-ds.
> There is then a dse.ldif for each instance under /etc/dirsrv/...
> In this ldif you can set the following parameters:
>    sslapd-localuser:% ds_user%

Yes it is possible to have different instances, via the dscreate tool.

However, you should *never* change the nsslapd-localuser: setting in cn=config
post install, you should do it during dscreate via the from-file method.

You still should never be changing this value. 

> 
> If you do not use dirsrv here, but here, for example, kolab, then this
> requires write access to /var/lib/dirsrv, among other things.
> This user, kolab, must therefore be in the dirsrv group.
> Second, the group right from dirsrv to /var/lib/dirsrv must have write
> rights.
> Therefore it must change/fix in spec file from 389-ds.
> 
> Correct me if I'm wrong.
> But if i am correct, please correct the right in the spec.

No, you should never need to change the user for directory server. You have not
specified why you need to write to /var/lib/dirsrv. You need to explain clearly
WHY kolab is attempting to write to this directory, at all, because it's
probably a bug in kolab. You should never need to take the actions you are
proposing.

I'm happy to help you identify the bug in kolab that is causing this, and to
discuss, but this is not the venue for it, and directory server is not the
problem in this case.

I'm closing this issue again, and if you want proper support in the matter,
please email the 389 users list (389-users@lists.fedoraproject.org) to help
identify what is the problem with kolab that needs resolving. 

Thanks,