Bug 141606 – OpenLDAP replication fails by wrong directory owner

Bug 141606 - OpenLDAP replication fails by wrong directory owner

Summary:	OpenLDAP replication fails by wrong directory owner

Status:	CLOSED WONTFIX

Aliases:	None

Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	openldap (Show other bugs)
Sub Component:
Version:	3.0
Hardware:	i386 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Jan Safranek
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-12-02 09:22 EST by NN
Modified:	2008-08-02 19:40 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-10-19 15:12:23 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description NN 2004-12-02 09:22:17 EST

Description of problem:
LDAP replication can NOT work in the latest release. Reason is a 
misplaced owner/group setting of the automatically created 
directory '/var/lib/ldap/replica' that is owned by 'root' instead of 
user 'ldap'. LDAP will write logging there by default but cannot!

Version-Release number of selected component (if applicable):
openldap-2.1.29-1

How reproducible:
Changing owner: it works! Deleting directory: new dir is made with 
wrong owner root and it doesn't work anymore.

Steps to Reproduce:
1. rmdir /var/lib/ldap/replica
2. /etc/init.d/openldap restart => NO REPLICATION!!!
3. chwon ldap:ldap /var/lib/ldap/replica => WORKS!
  
Actual results:


Expected results:


Additional info:

Comment 1 Mohamed Eldesoky 2004-12-15 10:33:26 EST

Confirmed on RHEL3 Update 3

Now the question, what are the correct permissions for the files
inside that directory ??

Comment 2 NN 2004-12-15 10:58:28 EST

The correct permission should be already be set. Only the OpenLdap 
user should have access to this directory as far as I can see!
=> So it is 700!

Update to No. 3:
3.a) chmod 700 /var/lib/ldap/replica
3.b) chown ldap:ldap /var/lib/ldap/replica => WORKS!

Comment 3 Matthew Miller 2005-04-26 12:11:37 EDT

Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 4 John Thacker 2006-10-28 13:01:14 EDT

Switching to RHEL 3 Update 3, since FC2 is no longer supported.

Comment 5 RHEL Product and Program Management 2007-10-19 15:12:23 EDT

This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.