https://bugzilla.redhat.com/show_bug.cgi?id=746350
If the access log cannot be opened there is an error reported in errors log. But it doesn;t give any reason why the access log file couldn't be opened. The errno should be returned at least.
I set a bogus access log path in cn=config: nsslapd-accesslog: /var/log/dirsrv/slapd-bogus/access
Staring the server failed and this error/warning was logged in the error log: [..] - WARNING: can't open file /var/log/dirsrv/slapd-bogus/access. errno 2 (No such file or directory)
I double checked the log.c code and verified all the opening access codes (LOG_OPEN_APPEND) are followed by the error report with errno and its strerror like this: LDAPDebug(LDAP_DEBUG_ANY, "access file open %s failed errno %d (%s)\n", loginfo.log_access_file, oserr, slapd_system_strerror(oserr));
Could it be possible to share the error log with us?
The test case must be SELinux error:
You have to test with an existing file you cannot open (SELinux was blocking access at the time due to wrong labeling IIRC).
Enforcing
Set not-labeled path "/var/tmp/slapd-kiki1/access" to nsslapd-accesslog.
[..] - WARNING: can't open file /var/tmp/slapd-kiki1/access. errno 13 (Permission denied) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [..] dse - The entry cn=config in file /etc/dirsrv/slapd-kiki/dse.ldif is invalid, error code 53 (Server is unwilling to perform) - Cannot open accesslog directory "/var/tmp/slapd-kiki1/access", client accesses will not be logged. [..] dse - Could not load config file [dse.ldif] [..] dse - Please edit the file to correct the reported problems and then restart the server.
If I disable selinux, the server starts just fine with no warnings/errors. So, this Permission denied error is coming from selinux.
no cloning - closed as worksforme upstream
Added initial screened field value.
Metadata Update from @nhosoi: - Issue assigned to nhosoi - Issue set to the milestone: 1.2.10.rc1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/21
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.