(Please reply to the list, so any useful information gets archived for others in the future...)
On 05/11/12 05:39 AM, Cyril Grosjean wrote:
26374 open("/etc/openldap/slapd.d/cn=config.ldif", O_RDONLY) = 16
26374 open("/etc/openldap/slapd.d/cn=config.40TIFd", O_RDWR|O_CREAT|O_EXCL, 0600) = 16
26374 rename("/etc/openldap/slapd.d/cn=config.40TIFd", "/etc/openldap/slapd.d/cn=config.ldif") = -1 EACCES (Permission denied)
26374 unlink("/etc/openldap/slapd.d/cn=config.40TIFd") = 0
So it really looks to me like a bug. As suggested by Quanah, I'll try OpenLDAP 2.4.31 if I've time for that, but my goal was possibly to stick to "official" rpms, for obvious support reasons.
If it's a bug, then it's a bug in the operating system. strace traces system calls ("system trace"). You can plainly see OpenLDAP creating the new cn=config.ldif as a tempfile, trying to rename it to overwrite the old, and being told by the *OS* that it's not allowed to do so. Here's the exact same operation on my own server:
5596 open("/appl/ldap/etc/slapd.d/cn=config.ldif", O_RDONLY) = 57
5596 open("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7", O_RDWR|O_CREAT|O_EXCL, 0600) = 57
5596 rename("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7", "/appl/ldap/etc/slapd.d/cn=config.ldif") = 0
How about showing us the exact permissions on the directory and that file? What's the output of:
ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
and:
getfacl /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
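An added example, not part of this thread and not OpenLDAP code, that turns the two strace excerpts above into a verdict a reader can check: under plain Unix permissions, creating a file with open(O_CREAT), unlink(2) and rename(2) all require write plus search permission on the containing directory, so a trace in which create and unlink succeed but rename returns EACCES in the same directory cannot be explained by the directory's mode bits or owner; that points at SELinux (or another MAC) or POSIX ACLs, which is what the ls -lZd and getfacl requests are probing. The parser, the function names and the verdict strings ("beyond-dac", "check-dac") are this example's own; the sample strace text is the thread's, embedded here as constructed input so the script runs offline.

```python
"""Parse strace lines from slapd rewriting cn=config.ldif and decide whether
plain directory permissions can explain a failed rename(2). Added example."""
import os
import re
import stat

# Constructed samples: the two strace excerpts quoted in this thread.
SAMPLE_DENIED = """\
26374 open("/etc/openldap/slapd.d/cn=config.ldif", O_RDONLY) = 16
26374 open("/etc/openldap/slapd.d/cn=config.40TIFd", O_RDWR|O_CREAT|O_EXCL, 0600) = 16
26374 rename("/etc/openldap/slapd.d/cn=config.40TIFd", "/etc/openldap/slapd.d/cn=config.ldif") = -1 EACCES (Permission denied)
26374 unlink("/etc/openldap/slapd.d/cn=config.40TIFd") = 0
"""
SAMPLE_OK = """\
5596 open("/appl/ldap/etc/slapd.d/cn=config.ldif", O_RDONLY) = 57
5596 open("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7", O_RDWR|O_CREAT|O_EXCL, 0600) = 57
5596 rename("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7", "/appl/ldap/etc/slapd.d/cn=config.ldif") = 0
"""

# One strace line: optional pid (strace -f), call name, argument list,
# return value, and an optional "ERRNO (message)" suffix.
SYSCALL_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z]+)\s+\([^)]*\))?\s*$'
)


def parse_strace(text):
    """Return one dict per recognised syscall line; unparseable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = SYSCALL_RE.match(line)
        if not m:
            continue
        calls.append({
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "call": m.group("call"),
            "args": m.group("args"),
            "paths": re.findall(r'"([^"]*)"', m.group("args")),
            "ret": int(m.group("ret")),
            "errno": m.group("errno"),
        })
    return calls


def explain_rename_failures(calls):
    """Map each directory with a failed rename to a verdict.

    Creating a file, unlinking and renaming within a directory all need
    write+search on that directory under DAC. If a create or unlink
    succeeded there in the same run, mode bits cannot be what denied the
    rename: "beyond-dac" means look at SELinux/MAC and POSIX ACLs first.
    """
    dac_ok = set()
    denied = {}
    for c in calls:
        if c["call"] == "open" and "O_CREAT" in c["args"] and c["ret"] >= 0:
            dac_ok.add(os.path.dirname(c["paths"][0]))
        elif c["call"] == "unlink" and c["ret"] == 0:
            dac_ok.add(os.path.dirname(c["paths"][0]))
        elif c["call"] == "rename" and c["errno"] is not None:
            denied[os.path.dirname(c["paths"][1])] = c["errno"]
    return {d: "beyond-dac" if (d in dac_ok and err == "EACCES") else "check-dac"
            for d, err in denied.items()}


def dir_mode_allows_rename(st_mode, st_uid, st_gid, uid, gids):
    """Plain DAC test for create/unlink/rename in a directory: the caller needs
    write and search (execute) on the directory. Ignores CAP_DAC_OVERRIDE and
    the sticky-bit rule for replacing a file owned by someone else (EPERM)."""
    if st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (st_mode & need) == need


def inspect_directory(path, uid=None, gids=None):
    """Roughly what ls -lZd reports, for the given identity (default: ours).
    POSIX ACLs are not decoded here; getfacl remains the tool for those."""
    st = os.stat(path)
    uid = os.getuid() if uid is None else uid
    gids = os.getgroups() if gids is None else gids
    try:  # security.selinux is only present on SELinux-labelled filesystems
        label = os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):
        label = None
    return {"path": path, "mode": f"{stat.S_IMODE(st.st_mode):04o}",
            "owner": (st.st_uid, st.st_gid), "selinux": label,
            "dac_allows": dir_mode_allows_rename(st.st_mode, st.st_uid, st.st_gid, uid, gids)}


if __name__ == "__main__":
    import sys
    print("denied sample:", explain_rename_failures(parse_strace(SAMPLE_DENIED)))
    print("ok sample:    ", explain_rename_failures(parse_strace(SAMPLE_OK)))
    for d in sys.argv[1:]:  # e.g. python3 this.py /etc/openldap/slapd.d
        print(inspect_directory(d))
```

Feed it a real trace with `strace -f -e trace=open,openat,rename,unlink -p <slapd pid>` and, for the directory it names, run inspect_directory as the uid slapd actually runs under (not as root, whose CAP_DAC_OVERRIDE makes the mode check meaningless); a "beyond-dac" verdict with a confining SELinux label on the directory is the signature Michael's question about SELinux is looking for.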
I took time to install an OpenLDAP 2.4.31 package on the 2nd master, and now it all works fine, while the 1st master still runs OpenLDAP 2.4.23: I've multi-master replication working in both ways for both backends (data & config). So, it was not a system problem, although it looked like one. I'll take time to upgrade the 1st server later. Thank you all for your feedback.
Cyril Grosjean wrote:
I took time to install an OpenLDAP 2.4.31 package on the 2nd master, and now it all works fine, while the 1st master still runs OpenLDAP 2.4.23: I've multi-master replication working in both ways for both backends (data & config). So, it was not a system problem, although it looked like one. I'll take time to upgrade the 1st server later. Thank you all for your feedback.
Is this RHEL? Is SELinux part of the game?
Still I'd also recommend to update to 2.4.31 though.
Ciao, Michael.
openldap-technical@openldap.org