[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5587) some changes in cn=config are not written to slapd.d
On Wednesday 02 July 2008 10:05:02 am Howard Chu wrote:
> Jeff Strunk wrote:
> > One example is adding the olcSyncrepl attribute to
> > olcDatabase={1}hdb,cn=config . Ldapmodify reported success. Ldapsearch
> > shows the new attribute. syncrepl works.
> > However, /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb,cn=config.ldif
> > does not have an olcSyncrepl attribute. When slapd is restarted, the
> > olcSyncrepl attribute is missing.
> >
> > The same thing happened when adding the entry for the syncrepl overlay.
>
> Have you successfully run "make test"? Those exact operations are part of
> test050... Have you got any slapd debug messages from these modification
> attempts?
This was an Ubuntu issue. They created an apparmor profile
for /usr/sbin/slapd, but they didn't let it write to /etc/ldap/slapd.d .
It the debug log, you'll find a permission denied error when trying to write a
tempfile with this bug.
It works with the following line in /etc/apparmor.d/usr.sbin.slapd :
/etc/ldap/slapd.d/** rw,
My strange symptom of only being able to write to cn=config.ldif was because I
used the following line instead:
/etc/ldap/slapd.d/* rw,
Thanks,
Jeff