(Please reply to the list, so any useful information gets archived for others in the future...)

On 05/11/12 05:39 AM, Cyril Grosjean wrote:

26374 open("/etc/openldap/slapd.d/cn=config.ldif", O_RDONLY) = 16 26374 open("/etc/openldap/slapd.d/cn=config.40TIFd", O_RDWR|O_CREAT|O_EXCL, 0600) = 16 26374 rename("/etc/openldap/slapd.d/cn=config.40TIFd", "/etc/openldap/slapd.d/cn=config.ldif") = -1 EACCES (Permission denied) 26374 unlink("/etc/openldap/slapd.d/cn=config.40TIFd") = 0

So it really looks to me like a bug. As suggested by Quanah, I'll try OpenLDAP 2.4.31 if I've time for that, but my goal was possibly to stick to "official" rpms, for obvious support reasons.

If it's a bug, then it's a bug in the operating system. strace traces system calls ("_s_ystem trace"). You can plainly see OpenLDAP creating the new cn=config.ldif as a tempfile, trying to rename it to overwrite the old, and being told by the *OS* that it's not allowed to do so. Here's the exact same operation on my own server:

5596 open("/appl/ldap/etc/slapd.d/cn=config.ldif", O_RDONLY) = 57 5596 open("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7", O_RDWR|O_CREAT|O_EXCL, 0600) = 57 5596 rename("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7", "/appl/ldap/etc/slapd.d/cn=config.ldif") = 0

How about showing us the exact permissions on the directory and that file? What's the output of:

ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif

and:

getfacl /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif