Re: OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place

To: openldap-technical@openldap.org
Subject: Re: OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Wed, 16 May 2012 16:44:17 +0200
Cc: Cyril Grosjean <cgrosjean@janua.fr>, Brandon Hume <hume-ol@bofh.ca>
In-reply-to: <CAOuB_juPaNP7uzoK8sQoyrPiH7_3fh5GqcxL7a8zjx3dmKK-Zw@mail.gmail.com>
References: <CAOuB_juUuNkv_Tp9cFxsOSdLkYQ6QpJ+iLq050KpCF08MRtwFg@mail.gmail.com> <4FAC36C6.7000901@bofh.ca> <CAOuB_juPaNP7uzoK8sQoyrPiH7_3fh5GqcxL7a8zjx3dmKK-Zw@mail.gmail.com>
User-agent: KMail/1.13.7 (Linux/2.6.38.8-desktop-10.mga; KDE/4.6.5; x86_64; ; )

On Friday, 11 May 2012 14:32:07 Cyril Grosjean wrote:

> On both masters, I get exactly the same result (command ran as root of

> course):

> ls -lZd /etc/openldap/slapd.d /etc/openldap/slapd.d/cn=config.ldif

> drwx------. ldap ldap system_u:object_r:slapd_db_t:s0

> /etc/openldap/slapd.d -rw-------. ldap ldap unconfined_u:object_r:etc_t:s0

> /etc/openldap/slapd.d/cn=config.ldif

Note carefully the SELinux context difference between the directory (which is probably correct) and the file (which probably isn't).

sealert would probably show you SELinux violations attempting to access/write to cn=config.ldif.

Regards,

Buchan

References:
- OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place
  - From: Cyril Grosjean <cgrosjean@janua.fr>
- Re: OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place
  - From: Brandon Hume <hume-ol@bofh.ca>
- Re: OpenLDAP 2.4.23 multi-master replication of the cn=config tree error: could not put entry file in place
  - From: Cyril Grosjean <cgrosjean@janua.fr>