
Re: (ITS#5587) some changes in cn=config are not written to slapd.d



On Wednesday 02 July 2008 10:05:02 am Howard Chu wrote:
> Jeff Strunk wrote:
> > One example is adding the olcSyncrepl attribute to
> > olcDatabase={1}hdb,cn=config . Ldapmodify reported success. Ldapsearch
> > shows the new attribute. syncrepl works.
> > However, /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb,cn=config.ldif
> > does not have an olcSyncrepl attribute. When slapd is restarted, the
> > olcSyncrepl attribute is missing.
> >
> > The same thing happened when adding the entry for the syncrepl overlay.
>
> Have you successfully run "make test"? Those exact operations are part of
> test050... Have you got any slapd debug messages from these modification
> attempts?

This was an Ubuntu issue. They created an apparmor profile 
for /usr/sbin/slapd, but they didn't let it write to /etc/ldap/slapd.d .

In the debug log, you'll find a permission denied error when trying to write a 
tempfile with this bug.

It works with the following line in /etc/apparmor.d/usr.sbin.slapd :

  /etc/ldap/slapd.d/** rw,

My strange symptom of only being able to write to cn=config.ldif was because I 
used the following line instead:

  /etc/ldap/slapd.d/* rw,

Thanks,
Jeff
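
The difference between the two profile lines above, as an added example that is not part of the original message: in AppArmor path rules `*` stops at a `/` while `**` crosses directory separators. The sketch below models only the `*`, `**` and `?` wildcards; the function names are hypothetical, and the sample paths are taken from this thread.

```python
import re

def apparmor_glob_to_regex(pattern):
    """Translate a subset of AppArmor path globbing (*, **, ?) to a regex.

    Simplified model for illustration: character classes and {a,b}
    alternation in rules are not handled.
    """
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")       # ** matches any characters, including '/'
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")    # * matches any characters except '/'
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")     # ? matches one character except '/'
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def rule_allows(pattern, path):
    """True if the path glob of a profile rule covers the given file path."""
    return apparmor_glob_to_regex(pattern).match(path) is not None

# Sample paths as they appear in this thread (not read from a live system).
SAMPLE_PATHS = [
    "/etc/ldap/slapd.d/cn=config.ldif",
    "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb,cn=config.ldif",
]

def coverage(pattern):
    """Map each sample path to whether the rule's glob covers it."""
    return {path: rule_allows(pattern, path) for path in SAMPLE_PATHS}

if __name__ == "__main__":
    for rule in ("/etc/ldap/slapd.d/* rw,", "/etc/ldap/slapd.d/** rw,"):
        glob = rule.split()[0]
        for path, ok in coverage(glob).items():
            print(f"{rule:26} {'ALLOW' if ok else 'DENY '} {path}")
```

With the single-star rule only the top-level `cn=config.ldif` is covered, which matches the symptom described above; the double-star rule covers the per-database file under `cn=config/` as well.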