
Re: OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place



On both masters, I get exactly the same result (commands run as root, of course):

ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif

drwx------. ldap ldap system_u:object_r:slapd_db_t:s0  /etc/openldap/slapd.d
-rw-------. ldap ldap unconfined_u:object_r:etc_t:s0   /etc/openldap/slapd.d/cn=config.ldif


getfacl /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif
getfacl: Removing leading '/' from absolute path names
# file: etc/openldap/slapd.d
# owner: ldap
# group: ldap
user::rwx
group::---
other::---

# file: etc/openldap/slapd.d/cn=config.ldif
# owner: ldap
# group: ldap
user::rw-
group::---
other::---

Maybe the problem would also appear on the 1st master if I had tried to configure it after the second one.
I mean the problem may not be due to a specific machine but rather to the configuration order.



2012/5/10 Brandon Hume <hume-ol@bofh.ca>
On 10/05/2012 2:21 PM, Cyril Grosjean wrote:
May 10 19:12:40 sashimi slapd[24866]: ldif_write_entry: cannot create file for "olcDatabase={0}config,cn=config": Permission denied

To add to Quanah's reply, it'd be interesting to see the results of an strace of the slapd process.  Using the above as an example, you could try (as root):

   strace -vv -s 1500 -e trace=file -f -o /tmp/slapd.strace -p 24866

Try to modify the config (olcLogLevel on cn=config, for example) and then ^C strace, and then grep for cn=config.ldif.  I suspect you might find some EACCES or EPERM errors on the open() calls for that file.




--
 
Cyril Grosjean
 
Tel   0489 829 238
Fax   0955 260 370
Mob  0685 599 481
 
Mail  :  cgrosjean@janua.fr
Blog  http://cgrosjean.ldaptools.com
Web  http://www.janua.fr
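
An added example, not part of the original thread: one way to do the "grep for cn=config.ldif" step on the strace output file suggested above, reporting only file syscalls that failed with EACCES or EPERM. Because strace -f can split one call across an "<unfinished ...>" line and a later "resumed" line, a plain grep can miss the error; this stitches such pairs back together. The sample trace, including the ".ldif.new" file name and pid 24870, is constructed for illustration, and the function name is hypothetical.

```python
import re

# Constructed sample of `strace -f -e trace=file -o FILE` output (not a real capture).
SAMPLE = """\
24866 stat("/etc/openldap/slapd.d/cn=config.ldif", {st_mode=S_IFREG|0600, ...}) = 0
24866 open("/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif", O_WRONLY|O_CREAT, 0600) = -1 EACCES (Permission denied)
24870 open("/etc/openldap/slapd.d/cn=config.ldif", O_WRONLY|O_TRUNC <unfinished ...>
24866 open("/var/run/openldap/slapd.pid", O_RDONLY) = 3
24870 <... open resumed> ) = -1 EPERM (Operation not permitted)
24866 rename("/etc/openldap/slapd.d/cn=config.ldif.new", "/etc/openldap/slapd.d/cn=config.ldif") = -1 EACCES (Permission denied)
"""

LINE = re.compile(r"^(\d+)\s+(.*)$")                 # "<pid> <rest>" as written by -f -o
CALL = re.compile(r"^(\w+)\((.*)$")                  # "syscall(args..."
RESUMED = re.compile(r"^<\.\.\. (\w+) resumed>(.*)$")
FAILED = re.compile(r"= -1 (E[A-Z0-9]+) ")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
UNFINISHED = "<unfinished ...>"

def denied_file_calls(text, needle="cn=config", errnos=("EACCES", "EPERM")):
    """Return (pid, syscall, errno, paths) for failed file syscalls touching `needle`."""
    pending = {}   # pid -> (syscall, args) for calls split across lines by -f
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, rest = int(m.group(1)), m.group(2)
        resumed = RESUMED.match(rest)
        if resumed:
            # Stitch the resumed tail back onto the arguments saved earlier.
            name, args = pending.pop(pid, (resumed.group(1), ""))
            rest = f"{name}({args}{resumed.group(2)}"
        elif rest.endswith(UNFINISHED):
            call = CALL.match(rest)
            if call:
                pending[pid] = (call.group(1), call.group(2)[:-len(UNFINISHED)])
            continue
        call, failed = CALL.match(rest), FAILED.search(rest)
        if not call or not failed or failed.group(1) not in errnos:
            continue
        paths = [p for p in QUOTED.findall(rest) if needle in p]
        if paths:
            hits.append((pid, call.group(1), failed.group(1), paths))
    return hits

if __name__ == "__main__":
    for pid, name, errno, paths in denied_file_calls(SAMPLE):
        print(f"pid {pid}: {name}() -> {errno} on {', '.join(paths)}")
```

To run it against a real trace, pass the contents of /tmp/slapd.strace instead of SAMPLE.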