LDAP Service cannot access files under the host's /tmp and /var/tmp directories.

Solution Verified - Updated

Environment

Red Hat Enterprise Linux 8 and later
Red Hat Directory Server 11 and later
IPA 4.x and later

Issue

Online import fails, whether it is started from the Web Console or from the CLI (dsconf), when the LDIF file to be imported is stored under the host's /tmp or /var/tmp directory. The file is present and readable on the host, but the server reports that it does not exist.

Resolution

Store the LDIF file to be imported in the instance's ldif directory, which the server can see, and pass that path to the import:

 /var/lib/dirsrv/slapd-<INSTANCE>/ldif/

Make sure the file is readable by the dirsrv user (the server process, not the shell running dsconf, opens it). Do not work around the problem by disabling PrivateTmp on the unit; the private /tmp is a hardening measure that keeps the server's temporary files out of reach of other processes.

Root Cause

Starting with RHEL 8.3, the LDAP service uses its own private /tmp and /var/tmp directories: the systemd directive PrivateTmp is enabled by default in the dirsrv@.service unit.
With PrivateTmp=yes, systemd runs ns-slapd in a separate mount namespace in which /tmp and /var/tmp are bind mounts of the per-service directories /tmp/systemd-private-<boot-id>-dirsrv@<INSTANCE>.service-<random>/tmp and /var/tmp/systemd-private-<boot-id>-dirsrv@<INSTANCE>.service-<random>/tmp. Those directories contain only what the server itself writes there, so a file placed in the host's /var/tmp does not exist from the server's point of view. dsconf and the Web Console only create the import task; the file is opened by ns-slapd inside its namespace, which is why the task fails with errno 2 (No such file or directory) although the path is valid in the administrator's shell.

# man systemd.exec
...
      PrivateTmp=
           Takes a boolean argument. If true, sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories
           inside it that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes
           sharing between processes via /tmp or /var/tmp impossible. If this is enabled, all temporary files created by a service in these directories will be
           removed after the service is stopped. Defaults to false. 
...
#

Diagnostic Steps

  • Reproduce: the LDIF file exists on the host and is owned by dirsrv, yet the import task cannot open it:
# ls -l /var/tmp/test.ldif
-rw-r--r--. 1 dirsrv dirsrv 192468 Jan  9 23:05 /var/tmp/test.ldif
#
# dsconf ldapi://%2fvar%2frun%2fslapd-<INSTANCE>.socket backend import userRoot /var/tmp/test.ldif 
Error: Import task failed
-------------------------
Beginning import job...
Index buffering enabled with bucket size 17
Could not open LDIF file "/var/tmp/test.ldif", errno 2 (No such file or directory)
Thread monitoring returned: -23

Aborting all Import threads...
Import threads aborted.
Closing files...
Import failed.
#
  • Check the PrivateTmp setting for the LDAP service:
# systemctl show dirsrv@<INSTANCE>.service -p PrivateTmp
PrivateTmp=yes
#
  • Check the per-service systemd-private* directories under /tmp and /var/tmp. These are the roots of the service's private /tmp and /var/tmp (the tmp subdirectory inside each is what the server sees as /tmp or /var/tmp), and the LDIF file copied to the host's /var/tmp is not under them:
# ls -ld /tmp/systemd-private* | grep dirsrv
drwx------. 3 root root 17 Jan  5 22:29 /tmp/systemd-private-8c272e5a08e14b5dae576d768ef09e89-dirsrv@<INSTANCE>.service-YLZlYX
#
# ls -ld /var/tmp/systemd-private* | grep dirsrv
drwx------. 3 root root 17 Jan  5 22:29 /var/tmp/systemd-private-8c272e5a08e14b5dae576d768ef09e89-dirsrv@<INSTANCE>.service-t8ATTO
#
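The following pre-flight check turns the diagnostic steps above into a script. It is an added example written for this article, not a Red Hat or 389-ds tool: it reads PrivateTmp from the unit with systemctl when run on the box, decides whether a candidate LDIF path would fall inside the service's private /tmp or /var/tmp, prints the recommended destination, and (as root) lists /var/tmp as the server actually sees it by entering its mount namespace. The function names, the DSCHECK_PRIVATETMP override variable and the sample paths are this example's own assumptions; the unit name dirsrv@<INSTANCE>.service, the dirsrv user and the ldif directory come from the article.

```bash
#!/bin/bash
# Added example (not from the Red Hat article): check that an LDIF file is in a
# location the dirsrv@<INSTANCE> service can open before starting an import.
# Assumed names: all helper functions and DSCHECK_PRIVATETMP are this example's.

# Lexically normalise a path (collapse '//', drop '.', resolve '..') so that
# '/opt/../var/tmp/x.ldif' is still recognised as living under /var/tmp.
canon_path() {
    local p="$1" out="" part
    local IFS='/'
    for part in $p; do
        case "$part" in
            ''|'.') ;;
            '..') out="${out%/*}" ;;
            *)    out="$out/$part" ;;
        esac
    done
    printf '%s\n' "${out:-/}"
}

# True (0) when PATH would resolve inside the service's private namespace:
# PrivateTmp is 'yes' and the path sits under /tmp or /var/tmp.
hidden_by_private_tmp() {
    local privatetmp="$1" path
    path=$(canon_path "$2")
    [ "$privatetmp" = "yes" ] || return 1
    case "$path" in
        /tmp/*|/var/tmp/*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Recommended destination from the Resolution section.
ldif_dir() {
    printf '/var/lib/dirsrv/slapd-%s/ldif\n' "$1"
}

# PrivateTmp setting of dirsrv@INSTANCE.service. DSCHECK_PRIVATETMP (assumed
# name) overrides the systemctl lookup so the check can run off-box.
service_privatetmp() {
    if [ -n "${DSCHECK_PRIVATETMP:-}" ]; then
        printf '%s\n' "$DSCHECK_PRIVATETMP"
    elif command -v systemctl >/dev/null 2>&1; then
        systemctl show "dirsrv@$1.service" -p PrivateTmp --value
    else
        printf 'unknown\n'
    fi
}

# check_ldif_location INSTANCE PATH
# Returns 0 if ns-slapd will be able to see PATH, 1 if it is hidden by PrivateTmp.
check_ldif_location() {
    local inst="$1" path="$2" pt
    pt=$(service_privatetmp "$inst")
    if hidden_by_private_tmp "$pt" "$path"; then
        echo "NOT OK: $path is under /tmp or /var/tmp and dirsrv@$inst has PrivateTmp=$pt;"
        echo "        ns-slapd sees its own empty private directory there (errno 2 on import)."
        echo "        Copy the file to $(ldif_dir "$inst")/, chown it to dirsrv, and import from there."
        return 1
    fi
    echo "OK: $path is visible to dirsrv@$inst (PrivateTmp=$pt)"
    return 0
}

# Show /var/tmp from inside the server's mount namespace (root only): this is
# the directory the import task actually opens files from.
ls_var_tmp_as_service() {
    local inst="$1" pid
    [ "$(id -u)" -eq 0 ] || { echo "run as root to inspect the service namespace" >&2; return 2; }
    pid=$(systemctl show "dirsrv@$inst.service" -p MainPID --value)
    [ -n "$pid" ] && [ "$pid" != 0 ] || { echo "dirsrv@$inst is not running" >&2; return 2; }
    nsenter -t "$pid" -m -- ls -la /var/tmp
}

# Usage: check_ldif_location <INSTANCE> /var/tmp/test.ldif
```

On a RHEL 8.3 or later host the `ls_var_tmp_as_service` listing shows only files the server itself created, never the administrator's copy in the host's /var/tmp, which is the quickest way to see the two views diverge. The path normalisation matters because a relative or `..`-containing path that dsconf accepts is still resolved by ns-slapd inside the namespace.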

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.