On both masters, I get exactly the same result (commands run as root, of course):

ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
drwx------. ldap ldap system_u:object_r:slapd_db_t:s0 /etc/openldap/slapd.d
-rw-------. ldap ldap unconfined_u:object_r:etc_t:s0 /etc/openldap/slapd.d/cn=config.ldif

getfacl /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
getfacl: Removing leading '/' from absolute path names
# file: etc/openldap/slapd.d
# owner: ldap
# group: ldap
user::rwx
group::---
other::---

# file: etc/openldap/slapd.d/cn=config.ldif
# owner: ldap
# group: ldap
user::rw-
group::---
other::---

Maybe the problem would also appear on the 1st master if I had tried to configure it after the second one. I mean the problem may not be due to a specific machine but rather to the configuration order...

2012/5/10 Brandon Hume <[email protected]>

> On 10/05/2012 2:21 PM, Cyril Grosjean wrote:
>
>> May 10 19:12:40 sashimi slapd[24866]: ldif_write_entry: cannot create
>> file for "olcDatabase={0}config,cn=**config": Permission denied
>
> To add to Quanah's reply, it'd be interesting to see the results of an
> strace of the slapd process. Using the above as an example, you could try
> (as root):
>
> strace -vv -s 1500 -e trace=file -f -o /tmp/slapd.strace -p 24866
>
> Try to modify the config (olcLogLevel on cn=config, for example) and then
> ^C strace, and then grep for cn=config.ldif. I suspect you might find some
> EACCES or EPERM errors on the open() calls for that file.

--
Cyril Grosjean
Tel: 0489 829 238
Fax: 0955 260 370
Mob: 0685 599 481
Mail: [email protected]
Blog: http://cgrosjean.ldaptools.com
Web: http://www.janua.fr
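
Added example (not part of the original thread): a filter for the strace log that the quoted reply suggests capturing, listing only the file calls that name a given path fragment and failed with EACCES or EPERM. The sample trace lines, including the `.tmp` file names, are constructed; the function name `denied_calls` is hypothetical.

```shell
#!/usr/bin/env bash
# Summarise denied file syscalls from a log written by `strace -f -o FILE`.
# Real use, with the log path from the thread:
#   denied_calls cn=config < /tmp/slapd.strace

# Constructed sample in the `strace -f -o` layout (pid first, then the call).
# The .tmp names are assumptions, not taken from a real slapd trace.
sample_trace() {
cat <<'EOF'
24866 open("/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif", O_RDONLY) = 3
24870 open("/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif.tmp", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
24870 open("/var/run/openldap/slapd.args", O_RDONLY) = -1 ENOENT (No such file or directory)
24870 rename("/etc/openldap/slapd.d/cn=config.ldif.tmp", "/etc/openldap/slapd.d/cn=config.ldif") = -1 EPERM (Operation not permitted)
EOF
}

# denied_calls FRAGMENT
# Reads strace lines on stdin and prints "pid syscall errno path" for every
# call that mentions FRAGMENT and returned -1 with EACCES or EPERM.
denied_calls() {
  awk -v frag="$1" '
    index($0, frag) && match($0, /= -1 (EACCES|EPERM) /) {
      # "= -1 " is 5 characters; the match also includes one trailing space.
      errno = substr($0, RSTART + 5, RLENGTH - 6)
      pid = $1
      call = $2
      sub(/\(.*/, "", call)          # keep only the syscall name
      path = $0
      sub(/^[^"]*"/, "", path)       # drop everything up to the first quote
      sub(/".*/, "", path)           # keep the first quoted argument only
      print pid, call, errno, path
    }'
}

# Stand-alone run over the constructed sample.
sample_trace | denied_calls "cn=config"
```

The pid column shows which slapd thread made the failing call, and the path column shows whether the denial is on the existing file or on a new file being created in the directory.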
