Description of problem: After performing an upgrade from IPA v1.2.1 to v1.2.2 on a Fedora11 box, the dirsrv stopped starting properly after rebooting the system. This led to the krb5kdc service not starting properly either. Version-Release number of selected component (if applicable): Version 1.2.2 displayed this problem. Actual results: The dirsrv service failed to start at boot time with the following error: [16/Oct/2009:20:04:42 +0000] - Unable to access nsslapd-rundir: Permission denied [16/Oct/2009:20:04:42 +0000] - Ensure that user "dirsrv" has read and write permissions on /var/run/dirsrv Expected results: The dirsrv service should have started up properly. Additional info: After the system had started up (which took a very long time since the dirsrv and krb5kdc services hung for a long time) the services could be started up as root: service dirsrv restart service krb5kdc restart Workaround: Changing the ownership of the /var/run/dirsrv/ directory solved this problem for me: chown dirsrv:dirsrv /var/run/dirsrv
Do you know what version of 389 or fedora-ds-base was installed prior to the upgrade? What version of 389-ds-base did the system upgrade to? rpm -qi 389-ds-base Earlier versions of fedora-ds-base and 389-ds-base had problems in that upgrading the rpm would overwrite the ownership and permissions on /var/run/dirsrv - newer versions do not do this - so it's important to know what versions show this problem, to see if perhaps 1) the original problem is still not fixed 2) there is a new problem that has the same/similar symptoms
ping
I'm afraid I don't know which version _was_ installed but the version I upgraded to is: [root@ipa ~]# rpm -qi 389-ds-base Name : 389-ds-base Relocations: (not relocatable) Version : 1.2.2 Vendor: Fedora Project Release : 1.fc11 Build Date: Tue 25 Aug 2009 08:07:37 PM GMT Install Date: Fri 16 Oct 2009 07:56:52 PM GMT Build Host: x86-5.fedora.phx.redhat.com Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.2-1.fc11.src.rpm Size : 5287485 License: GPLv2 with exceptions Signature : RSA/SHA1, Wed 26 Aug 2009 11:56:53 AM GMT, Key ID 1dc5c758d22e77f2 Packager : Fedora Project URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Hope this helps. - Stefan
I'm pretty sure this was fixed in fedora-ds-base 1.2.0 as part of https://bugzilla.redhat.com/show_bug.cgi?id=430368 or https://bugzilla.redhat.com/show_bug.cgi?id=432135 I'm not sure what happened in your case. The rpm only touches /var/run/dirsrv if it does not exist. The setup-ds.pl script will change the permission and ownership to match your server, but that's only run at setup time, usually only when creating a new directory server instance. I'm going to file this as closed/currentrelease - if the problem persists or is reproducible, please reopen.