On both masters, I get exactly the same result (commands run as root, of course):
ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
drwx------. ldap ldap system_u:object_r:slapd_db_t:s0 /etc/openldap/slapd.d
-rw-------. ldap ldap unconfined_u:object_r:etc_t:s0 /etc/openldap/slapd.d/cn=config.ldif

getfacl /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
getfacl: Removing leading '/' from absolute path names
# file: etc/openldap/slapd.d
# owner: ldap
# group: ldap
user::rwx
group::---
other::---

# file: etc/openldap/slapd.d/cn=config.ldif
# owner: ldap
# group: ldap
user::rw-
group::---
other::---
Maybe the problem would also appear on the 1st master if I had tried to configure it after the second one. I mean the problem may not be due to a specific machine but rather to the configuration order...
2012/5/10 Brandon Hume hume-ol@bofh.ca
On 10/05/2012 2:21 PM, Cyril Grosjean wrote:
May 10 19:12:40 sashimi slapd[24866]: ldif_write_entry: cannot create file for "olcDatabase={0}config,cn=config": Permission denied
To add to Quanah's reply, it'd be interesting to see the results of an strace of the slapd process. Using the above as an example, you could try (as root):
strace -vv -s 1500 -e trace=file -f -o /tmp/slapd.strace -p 24866
Try to modify the config (olcLogLevel on cn=config, for example) and then ^C strace, and then grep for cn=config.ldif. I suspect you might find some EACCES or EPERM errors on the open() calls for that file.
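Added example, not part of the original messages: one way to do the "grep for cn=config.ldif" step on /tmp/slapd.strace so that only the EACCES/EPERM failures are listed, with the PID, syscall and path for each. It goes slightly beyond the suggestion by matching any path under cn=config, which also catches the olcDatabase={0}config file named in the log line. The function names and the sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize permission failures on slapd.d config files from
# an strace log written with "-f -o" (each line starts with the PID).

# Print "PID SYSCALL ERRNO PATH" for each failed call that touches cn=config.
denied_config_ops() {
    awk '
        /cn=config/ && / = -1 (EACCES|EPERM) / {
            call = $2
            sub(/\(.*/, "", call)              # strip the argument list
            n = split($0, tail, " = -1 ")
            split(tail[n], err, " ")           # err[1] is the errno name
            path = ""; rest = $0
            while (match(rest, /"[^"]*"/)) {   # first quoted arg under cn=config
                q = substr(rest, RSTART + 1, RLENGTH - 2)
                if (q ~ /cn=config/) { path = q; break }
                rest = substr(rest, RSTART + RLENGTH)
            }
            print $1, call, err[1], path
        }
    ' "$1"
}

# Constructed sample trace (not output from the server in this thread).
write_sample_trace() {
    cat > "$1" <<'EOF'
24866 stat("/etc/openldap/slapd.d/cn=config", {st_mode=S_IFDIR|0750, st_size=4096}) = 0
24866 open("/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif", O_WRONLY|O_CREAT|O_TRUNC, 0600) = -1 EACCES (Permission denied)
24871 open("/etc/openldap/slapd.d/cn=config.ldif", O_RDONLY) = 3
24871 open("/var/run/openldap/slapd.args", O_RDONLY) = -1 ENOENT (No such file or directory)
24866 openat(AT_FDCWD, "/etc/openldap/slapd.d/cn=config.ldif", O_WRONLY|O_CREAT, 0600) = -1 EPERM (Operation not permitted)
EOF
}

trace=$(mktemp)
write_sample_trace "$trace"
denied_config_ops "$trace"
rm -f "$trace"
```

Against a real capture, call denied_config_ops /tmp/slapd.strace after stopping strace; an empty result means no EACCES or EPERM was returned for any path under cn=config during the trace.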