Thanks 4 the quick response, I appreciate it :)

Working for my company, migrating rhds10 -> 11, I will try your recommendations (using default user/ group).
Maybe this will also answer my SELinux related questions. ^^

Thanks a lot!

Am So., 4. Okt. 2020 um 01:22 Uhr schrieb William Brown <>:

> On 4 Oct 2020, at 03:18, Hendrik Steiner <> wrote:
> Hi guys!
> Being an absolute NOOB, mailing the first time to this group, I hope you're patient with my lack of knowledge ...

It's not problem at all - welcome to 389-ds, we hope we can help out :)

> I have an issue with following documentation (is this the right place for issues?):

Yep it is :)

> My company works with RHDS11 (RHEL8) so I tried to recreate some stuff (Fedora 32):
> useradd -c "RedHat Directory Server" -u 389 -g 389 -s /sbin/nologin slapd
> groupadd -g 389 ds
> Needs to be done before the installation of "389-base", or user and group will be created automatically (dirsrv.dirsrv).
> Adapting basic configuration as described (instance.inf):
> [general]
> group = ds
> user = slapd

I don't think you should change this username/group. By default you should probably rely on the dirsrv user and group created by the rpm. Especially if you are using RHDS, Red Hat support will probably prefer you to use the "way it's tested" so that means using the shipped dirsrv username and group. Is there some reason you want to change this?

> leads to
> ERR - dse_read_one_file - The configuration file /etc/dirsrv/slapd-example/schema//usr/share/dirsrv/schema/60trust.ldif could not be accessed,
> error -1
> after a copy:
> cp /usr/share/dirsrv/schema/60trust.ldif /etc/dirsrv/schema/
> instance creation works like a charm ...

I suspect that this is a permissions problem with the files, as instance creation (probably) assumes dirsrv:dirsrv and you've changed that. Can you show us the ls -al of /etc/dirsrv/slapd-example/schema and /usr/share/dirsrv/schema/ ?

> Sorry again for being annoying, but ...
> where am I doing wrong?
> also having some SELinux related questions,
> is this the right place for such kind of issues?

Yep, please ask them :)

Hope that helps,


William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
389-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives: