Red Hat Bugzilla – Bug 141606
OpenLDAP replication fails by wrong directory owner
Last modified: 2008-08-02 19:40:33 EDT
Description of problem:
LDAP replication can NOT work in the latest release. The reason is a
misplaced owner/group setting on the automatically created
directory '/var/lib/ldap/replica', which is owned by 'root' instead of
user 'ldap'. LDAP will write its log there by default but cannot!
Version-Release number of selected component (if applicable):
Changing the owner: it works! Deleting the directory: the new dir is made
with the wrong owner root and it doesn't work anymore.
Steps to Reproduce:
1. rmdir /var/lib/ldap/replica
2. /etc/init.d/openldap restart => NO REPLICATION!!!
3. chown ldap:ldap /var/lib/ldap/replica => WORKS!
Confirmed on RHEL3 Update 3
Now the question: what are the correct permissions for the files
inside that directory?
The correct permission should already be set. Only the OpenLDAP
user should have access to this directory as far as I can see!
=> So it is 700!
Update to No. 3:
3.a) chmod 700 /var/lib/ldap/replica
3.b) chown ldap:ldap /var/lib/ldap/replica => WORKS!
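An added check (not part of the bug report) that verifies a replica directory has the owner, group and mode the workaround above sets (ldap:ldap, 0700) and, if not, applies that workaround; the function names, the exit codes and the use of GNU stat on Linux are my assumptions.

```shell
#!/bin/sh
# check_replica_dir DIR [USER] [GROUP] [MODE]
# Returns 0 when DIR is owned by USER:GROUP with octal MODE,
# 1 when owner or mode is wrong (the bug's symptom), 2 when DIR is missing.
# Defaults are the values from the workaround: ldap:ldap and 700.
check_replica_dir() {
    dir=$1; want_user=${2:-ldap}; want_group=${3:-ldap}; want_mode=${4:-700}
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir" >&2
        return 2
    fi
    # GNU stat: owner name, group name and octal mode in one call
    have=$(stat -c '%U:%G %a' "$dir") || return 2
    have_owner=${have% *}
    have_mode=${have#* }
    status=0
    if [ "$have_owner" != "$want_user:$want_group" ]; then
        echo "WRONG OWNER: $dir is $have_owner, want $want_user:$want_group" >&2
        status=1
    fi
    if [ "$have_mode" != "$want_mode" ]; then
        echo "WRONG MODE: $dir is $have_mode, want $want_mode" >&2
        status=1
    fi
    return $status
}

# fix_replica_dir DIR [USER] [GROUP] [MODE]
# Applies the workaround from the report (chmod 700, chown ldap:ldap),
# creating DIR first if slapd has not done so. Needs root for a real ldap dir.
fix_replica_dir() {
    dir=$1; want_user=${2:-ldap}; want_group=${3:-ldap}; want_mode=${4:-700}
    [ -d "$dir" ] || mkdir -p "$dir" || return 2
    chmod "$want_mode" "$dir" && chown "$want_user:$want_group" "$dir"
}
```

Run `check_replica_dir /var/lib/ldap/replica` before starting slapd; a non-zero exit reproduces the condition the reporter hit, and `fix_replica_dir` restores the working state.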
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Switching to RHEL 3 Update 3, since FC2 is no longer supported.
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information on the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.