Hello list,
When starting slapd when an lmdb backend in readonly mode is on a readonly filesystem, slapd fails to start with:
66c347f4.334226ce 0x7fc9c14ffb08 @(#) $OpenLDAP: slapd 2.6.6 (Oct 22 2023 00:57:15) $ 2024-08-19T09:26:12.865756736-04:00 openldap 2024-08-19T09:26:12.875884302-04:00 66c347f4.342f703c 0x7fc9c14ffb08 olcDbDirectory: value #0: invalid path: Read-only file system 2024-08-19T09:26:12.875912369-04:00 66c347f4.3430d2ab 0x7fc9c14ffb08 config error processing olcDatabase={1}mdb,cn=config: olcDbDirectory: value #0: invalid path: Read-only file system 2024-08-19T09:26:12.875942620-04:00 66c347f4.3434526e 0x7fc9c14ffb08 slapd stopped. 2024-08-19T09:26:12.875950918-04:00 66c347f4.343518c7 0x7fc9c14ffb08 connections_destroy: nothing to destroy.
Is there something I can set to make it start even though the filesystem is readonly? For reference, the slapd configuration is below:
dn: cn=config objectClass: olcGlobal cn: config olcPidFile: /etc/openldap/scratch/run/slapd.pid olcArgsFile: /etc/openldap/scratch/run/slapd.args olcLogLevel: stats olcAuthzPolicy: none olcSecurity: ssf=0 tls=0 simple_bind=0 transport=0 olcReadOnly: FALSE
dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: to dn.base="" by * read olcAccess: to dn.base="cn=Subschema" by * read
dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/lib/openldap olcModuleload: back_mdb.so olcModuleload: back_ldap.so olcModuleLoad: ppolicy
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: to dn.base="cn=config" by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * read olcAccess: to dn.subtree="cn=config" by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * read olcAccess: to * by * read
dn: olcDatabase={1}mdb,cn=config objectClass: olcDatabaseConfig objectClass: olcMdbConfig olcDatabase: {1}mdb olcSuffix: ou=data,dc=example,dc=com olcRootDN: cn=root,ou=data,dc=example,dc=com olcRootPW: <REDACTED> olcReadOnly: TRUE olcDbDirectory: /var/lib/openldap/data olcAccess: to dn.base="ou=data,dc=example,dc=com" by * read # Allow full read access for now for testing. olcAccess: to dn.subtree="ou=data,dc=example,dc=com" by * read olcLimits: * size=unlimited time=unlimited olcDbMaxsize: 171798691840 olcDbIndex: objectClass eq,pres olcDbIndex: entryUUID eq olcDbIndex: entryCSN eq olcDbIndex: cn eq
Thanks in advance.
Zach