Description of problem:
slapd init script assumes /tmp (or $TMP) is executable, but setting noexec on a /tmp partition is a common (and recommended) security practice. It creates a wrapper script in that directory and then tries to execute it, which will fail with a cryptic permission denied error from bash.

Version-Release number of selected component (if applicable):
2.3.43-3.el5

How reproducible:
Every time.

Steps to Reproduce:
1. Mount /tmp as a separate partition
2. Set the noexec option on it in fstab
3. Install openldap-servers package
4. Try to start with /sbin/service ldap start

Actual results:
permission denied error from bash (mentions the generated wrapper filename, e.g. /tmp/start-slapd.654321)

Expected results:
slapd starts

Additional info:
This wrapper should be created somewhere that is more often considered safe for executables. Maybe /var/run/openldap. It looks like it's created to work around some issues w/ the daemon command, so maybe it could be fixed there too.
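The failure reported above can be checked for before a script is written and executed: look up the mount that holds the target path and test its options for noexec. The following is an added example, not code from the slapd init script or from the Fedora fix; the function names and the sample mount table are constructed for illustration, and /var/run/openldap is the directory suggested in the report.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the bug report).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext3 rw 0 0
tmpfs /var/run tmpfs rw,nosuid 0 0
EOF
}

# Print the mount options of the filesystem holding path $1.
# $2 is the mount table to read (defaults to /proc/mounts).
# The mount point that is the longest prefix of the path wins; on a tie
# the later line wins, which matches a filesystem mounted over another.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            if ((p == mp || index(p "/", pre) == 1) && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { print opts }' "${2:-/proc/mounts}"
}

# Succeed (exit 0) if path $1 lives on a filesystem mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the first candidate directory that is not on a noexec mount.
# $1 is the mount table, remaining arguments are candidates in order.
pick_exec_dir() {
    table=$1; shift
    for d in "$@"; do
        is_noexec "$d" "$table" || { printf '%s\n' "$d"; return 0; }
    done
    return 1   # every candidate is on a noexec mount
}
```

On a live system, `is_noexec /tmp` reads /proc/mounts directly; mount points containing spaces appear there as `\040` and are not decoded by this sketch.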
This was fixed in Fedora some time ago and should be backported to RHEL.
Patch is in CVS, changing status to MODIFIED.
Successfully verified on i386 and x86_64.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2010-0198.html