Re: OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place

[Brandon Hume <hume-ol@bofh.ca>]

 (Please reply to the list, so any useful information gets archived for 
others in the future...)

On 05/11/12 05:39 AM, Cyril Grosjean wrote:
> 26374 open("/etc/openldap/slapd.d/cn=config.ldif", O_RDONLY) = 16
> 26374 open("/etc/openldap/slapd.d/cn=config.40TIFd", 
> O_RDWR|O_CREAT|O_EXCL, 0600) = 16
> 26374 rename("/etc/openldap/slapd.d/cn=config.40TIFd", 
> "/etc/openldap/slapd.d/cn=config.ldif") = -1 EACCES (Permission denied)
> 26374 unlink("/etc/openldap/slapd.d/cn=config.40TIFd") = 0

> So it really looks to me like a bug. As suggested by Quanah, I'll try 
> OpenLDAP 2.4.31 if I've time for that, but my goal was possibly to 
> stick to "official" rpms, for obvious support reasons.

If it's a bug, then it's a bug in the operating system.  strace traces 
system calls ("_s_ystem trace").  You can plainly see OpenLDAP creating 
the new cn=config.ldif as a tempfile, trying to rename it to overwrite 
the old, and being told by the *OS* that it's not allowed to do so.  
Here's the exact same operation on my own server:

   5596  open("/appl/ldap/etc/slapd.d/cn=config.ldif", O_RDONLY) = 57
   5596  open("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7",
   O_RDWR|O_CREAT|O_EXCL, 0600) = 57
   5596  rename("/appl/ldap/etc/slapd.d/cn=config.Zi6PH7",
   "/appl/ldap/etc/slapd.d/cn=config.ldif") = 0


How about showing us the exact permissions on the directory and that 
file?  What's the output of:

         ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif

and:

        getfacl /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif