389-ds-base

Clone
Source Code
GIT

#21 error log fails to report reasons why access log can;t be open
Closed: wontfix None Opened 12 years ago by mkosek.

Closed: wontfix
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=746350

If the access log cannot be opened there is an error reported in errors log.
But it doesn;t give any reason why the access log file couldn't be opened.
The errno should be returned at least.

Set NEEDINFO to the bz 746350 with the following comment:

I set a bogus access log path in cn=config:
nsslapd-accesslog: /var/log/dirsrv/slapd-bogus/access

Staring the server failed and this error/warning was logged in the error log:
[..] - WARNING: can't open file /var/log/dirsrv/slapd-bogus/access. errno 2 (No such file or directory)

I double checked the log.c code and verified all the opening access codes (LOG_OPEN_APPEND) are followed by the error report with errno and its strerror like this:
LDAPDebug(LDAP_DEBUG_ANY, "access file open %s failed errno %d (%s)\n",
loginfo.log_access_file, oserr, slapd_system_strerror(oserr));

Could it be possible to share the error log with us?

The test case must be SELinux error:

You have to test with an existing file you cannot open (SELinux was blocking
access at the time due to wrong labeling IIRC).

setenforce 1

getenforce

Enforcing

service dirsrv start

Set not-labeled path "/var/tmp/slapd-kiki1/access" to nsslapd-accesslog.

tail errors

[..] - WARNING: can't open file /var/tmp/slapd-kiki1/access. errno 13
(Permission denied)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[..] dse - The entry cn=config in file /etc/dirsrv/slapd-kiki/dse.ldif is
invalid, error code 53 (Server is unwilling to perform) - Cannot open accesslog
directory "/var/tmp/slapd-kiki1/access", client accesses will not be logged.
[..] dse - Could not load config file [dse.ldif]
[..] dse - Please edit the file to correct the reported problems and then
restart the server.

If I disable selinux, the server starts just fine with no warnings/errors. So,
this Permission denied error is coming from selinux.

no cloning - closed as worksforme upstream

Added initial screened field value.

Metadata Update from @nhosoi:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.10.rc1
7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/21

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Invalid)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
Needs Review
0
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.