On Wednesday 02 July 2008 10:05:02 am Howard Chu wrote:
> Jeff Strunk wrote:
>> One example is adding the olcSyncrepl attribute to olcDatabase={1}hdb,cn=config . Ldapmodify reported success. Ldapsearch shows the new attribute. syncrepl works. However, /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb,cn=config.ldif does not have an olcSyncrepl attribute. When slapd is restarted, the olcSyncrepl attribute is missing.
>> The same thing happened when adding the entry for the syncrepl overlay.
>
> Have you successfully run "make test"? Those exact operations are part of test050... Have you got any slapd debug messages from these modification attempts?
This was an Ubuntu issue. They created an apparmor profile for /usr/sbin/slapd, but they didn't let it write to /etc/ldap/slapd.d .
In the debug log, you'll find a permission denied error when trying to write a tempfile with this bug.
It works with the following line in /etc/apparmor.d/usr.sbin.slapd :
/etc/ldap/slapd.d/** rw,
My strange symptom of only being able to write to cn=config.ldif was because I used the following line instead:
/etc/ldap/slapd.d/* rw,
Thanks, Jeff
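
The difference between the two profile lines in the message above, as an added example that is not part of the original thread or of AppArmor itself: a simplified model of AppArmor path globbing (only `*`, `**` and `?`; the function names are hypothetical) run against the two slapd.d paths quoted in the message.

```python
import re

def glob_to_regex(glob):
    """Translate an AppArmor path glob to an anchored regex (simplified:
    handles only '*', '**' and '?'; no [] classes or {} alternation)."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")        # '**' crosses directory boundaries
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")     # '*' stops at the next '/'
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")      # one character, never '/'
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")

def parse_rule(line):
    """Split a file rule such as '/etc/ldap/slapd.d/** rw,' into (glob, perms)."""
    glob, perms = line.strip().rstrip(",").split()
    return glob, set(perms)

def allows_write(rule, path):
    """True if the rule grants 'w' and its glob covers the path."""
    glob, perms = parse_rule(rule)
    return "w" in perms and glob_to_regex(glob).match(path) is not None

# Paths taken from the message above.
PATHS = [
    "/etc/ldap/slapd.d/cn=config.ldif",
    "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb,cn=config.ldif",
]

def report(rule):
    """Map each sample path to whether the rule lets slapd write it."""
    return {p: allows_write(rule, p) for p in PATHS}

if __name__ == "__main__":
    for rule in ("/etc/ldap/slapd.d/* rw,", "/etc/ldap/slapd.d/** rw,"):
        print(rule)
        for path, ok in report(rule).items():
            print("  ", "write allowed" if ok else "write DENIED ", path)
```

With the single-star rule only the top-level cn=config.ldif is writable, which matches the symptom described; the double-star rule covers the files under the cn=config/ subdirectory as well.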