[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [OT] SELinux woes

As of version 2.4.27, I believe back-sql supports dynamic configuration, so there's no need to switch to slapd.conf

see http://www.openldap.org/software/release/changes.html :
OpenLDAP 2.4.27 Release (2011/11/24)
Added slapd-sql dynamic config support

Le 17/01/2013 07:11, Ori Bani a écrit :

Trying to switch to slapd.conf instead of dynamic configuration in
order to test the back-sql backend I ran into a problem with SELinux
that I do not understand.

The startup fails with the error:

/etc/openldap/slapd.conf: line 27: invalid path: Permission denied

Disabling SELinux fixes the problem, however I'm not sure what is
going on.  The line in question is naturally the "directory" that
points in this case to /var/lib/ldap.  That directory is a hand-made
clone of the original one that was there which was moved (renamed) out
of the way.  Here is what I did:

mv /etc/openldap/slapd.d   /etc/openldap/slapd.d.BAK
mv /var/lib/ldap /var/lib/ldap.BAK
mkdir /var/lib/ldap
chown ldap:ldap /var/lib/ldap
chmod 700 /var/lib/ldap
create a simple /etc/openldap/slapd.conf

The ownership and permissions on ldap and ldap.BAK directories are
identical.  OpenLDAP works fine if I disable SELinux.

What is SELinux doing here?