Description of problem:
LDAP replication cannot work in the latest release. The reason is a misplaced owner/group setting on the automatically created directory '/var/lib/ldap/replica', which is owned by 'root' instead of by the user 'ldap'. LDAP will write its replication log there by default, but cannot!

Version-Release number of selected component (if applicable):
openldap-2.1.29-1

How reproducible:
Changing the owner: it works! Deleting the directory: the new directory is created with the wrong owner (root) and it doesn't work anymore.

Steps to Reproduce:
1. rmdir /var/lib/ldap/replica
2. /etc/init.d/openldap restart => no replication!
3. chown ldap:ldap /var/lib/ldap/replica => works!

Actual results:

Expected results:

Additional info:
Confirmed on RHEL3 Update 3. Now the question: what are the correct permissions for the files inside that directory?
The correct permissions should already be set. Only the OpenLDAP user should have access to this directory, as far as I can see! => So it is 700!

Update to step 3:
3.a) chmod 700 /var/lib/ldap/replica
3.b) chown ldap:ldap /var/lib/ldap/replica => works!
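The check and repair described in the comments above, written up as a small POSIX shell script. This is an added example, not code from the bug report or from the openldap package. It assumes GNU stat (for `stat -c`), that the service account `ldap:ldap` exists, and that the repair is run as root; the directory, owner, group and mode are parameters so the functions can be exercised on any directory.

```shell
#!/bin/sh
# Added example: verify that the OpenLDAP replica log directory is owned by
# the LDAP service account and is mode 700, and repair it when it is not.
# Assumes GNU stat; defaults in the usage line mirror the thread
# (/var/lib/ldap/replica, owner ldap, group ldap, mode 700).

# dir_state DIR -> prints "owner:group mode", e.g. "ldap:ldap 700"
dir_state() {
    stat -c '%U:%G %a' "$1"
}

# check_replica_dir DIR OWNER GROUP MODE
# Returns 0 when DIR exists with exactly that owner, group and mode,
# 1 otherwise (with the mismatch reported on stderr).
check_replica_dir() {
    dir=$1; want_owner=$2; want_group=$3; want_mode=$4
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 1
    fi
    actual=$(dir_state "$dir")
    if [ "$actual" = "$want_owner:$want_group $want_mode" ]; then
        return 0
    fi
    echo "$dir is '$actual', expected '$want_owner:$want_group $want_mode'" >&2
    return 1
}

# fix_replica_dir DIR OWNER GROUP MODE
# Creates DIR if needed, sets owner/group and mode (the chown needs root
# unless OWNER:GROUP is the caller's own identity), then re-checks.
fix_replica_dir() {
    dir=$1; owner=$2; group=$3; mode=$4
    [ -d "$dir" ] || mkdir -p "$dir" || return 1
    chown "$owner:$group" "$dir" || return 1
    chmod "$mode" "$dir" || return 1
    check_replica_dir "$dir" "$owner" "$group" "$mode"
}

# Usage as root, before restarting slapd:
#   check_replica_dir /var/lib/ldap/replica ldap ldap 700 \
#       || fix_replica_dir /var/lib/ldap/replica ldap ldap 700
```

Running the check before `/etc/init.d/openldap restart` catches the root-owned directory from the report before slapd silently fails to write its replication log.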
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
Switching to RHEL 3 Update 3, since FC2 is no longer supported.
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission-critical bug fixes will be released for enterprise products. Since this bug does not meet those criteria, it is now being closed. For more information on the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.