openldap2/slapd.service

[Unit]
Description=OpenLDAP Server Daemon
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/usr/lib/openldap/start

# Hardening to prevent security escalation.
## Future hardening for FS protection.
# ProtectSystem=full
# ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap

RestrictSUIDSGID=true
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target
Sync from SUSE:SLFO:Main openldap2 revision 797c98628f627d4fef10264beba567c3 2024-05-03 17:29:47 +02:00			`[Unit]`
			`Description=OpenLDAP Server Daemon`
			`After=syslog.target network.target`

			`[Service]`
			`Type=forking`
			`ExecStart=/usr/lib/openldap/start`

			`# Hardening to prevent security escalation.`
			`## Future hardening for FS protection.`
			`# ProtectSystem=full`
			`# ReadWritePaths=/etc/openldap/slapd.d /var/lib/ldap`

			`RestrictSUIDSGID=true`
			`NoNewPrivileges=true`
			`PrivateTmp=true`
			`PrivateDevices=true`
			`ProtectHostname=true`
			`ProtectClock=true`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
			`ProtectKernelLogs=true`
			`ProtectControlGroups=true`
			`MemoryDenyWriteExecute=true`

			`[Install]`
			`WantedBy=multi-user.target`