All,
Trying to switch to slapd.conf instead of dynamic configuration in order to test the back-sql backend I ran into a problem with SELinux that I do not understand.
The startup fails with the error:
/etc/openldap/slapd.conf: line 27: invalid path: Permission denied
Disabling SELinux fixes the problem, however I'm not sure what is going on. The line in question is naturally the "directory" that points in this case to /var/lib/ldap. That directory is a hand-made clone of the original one that was there which was moved (renamed) out of the way. Here is what I did:
mv /etc/openldap/slapd.d /etc/openldap/slapd.d.BAK mv /var/lib/ldap /var/lib/ldap.BAK mkdir /var/lib/ldap chown ldap:ldap /var/lib/ldap chmod 700 /var/lib/ldap create a simple /etc/openldap/slapd.conf
The ownership and permissions on ldap and ldap.BAK directories are identical. OpenLDAP works fine if I disable SELinux.
What is SELinux doing here?