Bug#1010971:

[Ryan Tandy]

Control: reassign -1 slapd 2.5.12+dfsg-1
Control: affects -1 src:sssd
Control: forcemerge -1 1010678

Thanks Andreas for providing the additional details here. I'm aware of 
the problem and will upload openldap with a workaround ASAP. I had not 
seen Dave's MR for debconf, though; thanks for that.


Merging with #1010678. I had also opened #1010677 against debhelper, 
which I guess I will close once debconf is fixed.

Bug#1010971:

[Andreas Hasenack]

Hi,

this is the root cause:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006147

There is a PR for it:
https://salsa.debian.org/pkg-debconf/debconf/-/merge_requests/10

Ubuntu is carrying this patch for now:
https://git.launchpad.net/ubuntu/+source/debconf/commit/?h=applied/ubuntu/devel

To workaround it, restart slapd after dpkg-reconfigure.

Bug#1010971: openldap breaks sssd autopkgtest: ldap_bind: Invalid credentials

[Paul Gevers]

Source: openldap, sssd
Control: found -1 openldap/2.5.12+dfsg-1
Control: found -1 sssd/2.6.3-3
Severity: serious
Tags: sid bookworm
User: debian...@lists.debian.org
Usertags: breaks needs-update

Dear maintainer(s),

With a recent upload of openldap the autopkgtest of sssd fails in 
testing when that autopkgtest is run with the binary packages of 
openldap from unstable. It passes when run with only packages from 
testing. In tabular form:


   passfail
openldap   from testing2.5.12+dfsg-1
sssd   from testing2.6.3-3
versioned deps [0] from testingfrom unstable
all others from testingfrom testing

I copied some of the output at the bottom of this report.

Currently this regression is blocking the migration of openldap to 
testing [1]. Due to the nature of this issue, I filed this bug report 
against both packages. Can you please investigate the situation and 
reassign the bug to the right package?


More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[0] You can see what packages were added from the second line of the log 
file quoted below. The migration software adds source package from 
unstable to the list if they are needed to install packages from 
openldap/2.5.12+dfsg-1. I.e. due to versioned dependencies or 
breaks/conflicts.

[1] https://qa.debian.org/excuses.php?package=openldap

https://ci.debian.net/data/autopkgtest/testing/amd64/s/sssd/21705563/log.gz

+ . debian/tests/util
+ . debian/tests/common-tests
+ mydomain=example.com
+ myhostname=ldap.example.com
+ mysuffix=dc=example,dc=com
+ admin_dn=cn=admin,dc=example,dc=com
+ admin_pw=secret
+ ldap_user=testuser1
+ ldap_user_pw=testuser1secret
+ ldap_group=ldapusers
+ adjust_hostname ldap.example.com
+ local myhostname=ldap.example.com
+ echo ldap.example.com
+ hostname ldap.example.com
+ grep -qE ldap.example.com /etc/hosts
+ echo 127.0.1.10 ldap.example.com
+ reconfigure_slapd
+ debconf-set-selections
+ rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb
+ dpkg-reconfigure -fnoninteractive -pcritical slapd
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.5.12+dfsg-1... done.
  Moving old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
+ generate_certs ldap.example.com
+ local cn=ldap.example.com
+ local cert=/etc/ldap/server.pem
+ local key=/etc/ldap/server.key
+ local cnf=/etc/ldap/openssl.cnf
+ cat
+ openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout 
/etc/ldap/server.key -config /etc/ldap/openssl.cnf

Generating a RSA private key
.+
+
writing new private key to '/etc/ldap/server.key'
-
+ chmod 0640 /etc/ldap/server.key
+ chgrp openldap /etc/ldap/server.key
+ [ ! -f /etc/ldap/server.pem ]
+ [ ! -f /etc/ldap/server.key ]
+ enable_ldap_ssl
+ cat
+ cat+ ldapmodify -H ldapi:/// -Y EXTERNAL -Q
modifying entry "cn=config"

+ populate_ldap_rfc2307
+ ldapadd -x -D cn=admin,dc=example,dc=com -w secret
+ cat
ldap_bind: Invalid credentials (49)
autopkgtest [05:16:59]: test ldap-user-group-ldap-auth



OpenPGP_signature
Description: OpenPGP digital signature