Hello list,

When starting slapd when an lmdb backend in readonly mode is on a readonly filesystem, slapd fails to start with:

66c347f4.334226ce 0x7fc9c14ffb08 @(#) $OpenLDAP: slapd 2.6.6 (Oct 22 2023 00:57:15) $ 2024-08-19T09:26:12.865756736-04:00 openldap 

2024-08-19T09:26:12.875884302-04:00 66c347f4.342f703c 0x7fc9c14ffb08 olcDbDirectory: value #0: invalid path: Read-only file system 

2024-08-19T09:26:12.875912369-04:00 66c347f4.3430d2ab 0x7fc9c14ffb08 config error processing olcDatabase={1}mdb,cn=config: olcDbDirectory: value #0: invalid path: Read-only file system 

2024-08-19T09:26:12.875942620-04:00 66c347f4.3434526e 0x7fc9c14ffb08 slapd stopped. 2024-08-19T09:26:12.875950918-04:00 66c347f4.343518c7 0x7fc9c14ffb08 connections_destroy: nothing to destroy.

Is there something I can set to make it start even though the filesystem is readonly?  For reference, the slapd configuration is below:

dn: cn=config

objectClass: olcGlobal

cn: config

olcPidFile: /etc/openldap/scratch/run/slapd.pid

olcArgsFile: /etc/openldap/scratch/run/slapd.args

olcLogLevel: stats

olcAuthzPolicy: none

olcSecurity: ssf=0 tls=0 simple_bind=0 transport=0

olcReadOnly: FALSE

dn: olcDatabase={-1}frontend,cn=config

objectClass: olcDatabaseConfig

objectClass: olcFrontendConfig

olcDatabase: {-1}frontend

olcAccess: to dn.base="" by * read

olcAccess: to dn.base="cn=Subschema" by * read

dn: cn=module,cn=config

objectClass: olcModuleList

cn: module

olcModulepath: /usr/lib/openldap

olcModuleload: back_mdb.so

olcModuleload: back_ldap.so

olcModuleLoad: ppolicy

dn: cn=schema,cn=config

objectClass: olcSchemaConfig

cn: schema

include: file:///etc/openldap/schema/core.ldif

include: file:///etc/openldap/schema/cosine.ldif

include: file:///etc/openldap/schema/inetorgperson.ldif

dn: olcDatabase={0}config,cn=config

objectClass: olcDatabaseConfig

olcDatabase: {0}config

olcAccess: to dn.base="cn=config" 

  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage

  by * read

olcAccess: to dn.subtree="cn=config"

  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage

  by * read

olcAccess: to * by * read

dn: olcDatabase={1}mdb,cn=config

objectClass: olcDatabaseConfig

objectClass: olcMdbConfig

olcDatabase: {1}mdb

olcSuffix: ou=data,dc=example,dc=com

olcRootDN: cn=root,ou=data,dc=example,dc=com

olcRootPW: <REDACTED>

olcReadOnly: TRUE

olcDbDirectory: /var/lib/openldap/data

olcAccess: to dn.base="ou=data,dc=example,dc=com" by * read

# Allow full read access for now for testing.

olcAccess: to dn.subtree="ou=data,dc=example,dc=com"

    by * read

olcLimits: * size=unlimited time=unlimited

olcDbMaxsize: 171798691840

olcDbIndex: objectClass eq,pres

olcDbIndex: entryUUID eq

olcDbIndex: entryCSN eq

olcDbIndex: cn eq

Thanks in advance.

Zach