[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
This bug was fixed in the package openldap - 2.4.40+dfsg-1ubuntu1
---
openldap (2.4.40+dfsg-1ubuntu1) wily; urgency=low
* Merge from Debian testing (LP: #1395098, LP: #1316124). Remaining changes:
- Enable AppArmor support:
- d/apparmor-profile: add AppArmor profile
- d/rules: use dh_apparmor
- d/control: Build-Depends on dh-apparmor
- d/slapd.README.Debian: add note about AppArmor
- Enable GSSAPI support:
- d/patches/gssapi.diff, thanks to Jerry Carter (Likewise):
- Add --with-gssapi support
- Make guess_service_principal() more robust when determining
principal
- d/configure.options: Configure with --with-gssapi
- d/control: Added heimdal-dev as a build depend
- Enable ufw support:
- d/control: suggest ufw.
- d/rules: install ufw profile.
- d/slapd.ufw.profile: add ufw profile.
- Enable nss overlay:
- d/{patches/nssov-build,rules}: Apply, build and package the
nss overlay.
- d/{rules,slapd.py}: Add apport hook.
- d/slapd.init.ldif: don't set olcRootDN since it's not defined in
either the default DIT nor via an Authn mapping.
- d/slapd.scripts-common:
- add slapcat_opts to local variables.
- Remove unused variable new_conf.
- Fix backup directory naming for multiple reconfiguration.
- d/{slapd.default,slapd.README.Debian}: use the new configuration style.
- d/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support
in the openldap library, as required by Likewise-Open
- Show distribution in version:
- d/control: added lsb-release
- d/patches/fix-ldap-distribution.patch: show distribution in version
* Drop patches included upstream:
- d/patches/0001-ITS-7430-GnuTLS-Avoid-use-of-deprecated-function.patch
- d/patches/bdb-deadlock.patch
- d/patches/its-7354-fix-delta-sync-mmr.diff
* Drop hardening-wrapper as Debian now sets PIE and bindnow flags.
* debian/patches/nssov-build: Adjust for upstream changes.
* debian/apparmor-profile:
- Change 'r' to 'rw' for ldapi and nslcd sockets, required for apparmor
kernel ABI v7 (utopic and later). (LP: #1392018)
- Reduce permissions on /run/nslcd to just the nslcd socket.
* Enable the mdb backend again on ppc64el, fixed upstream in ITS#7713.
(LP: #1293250)
openldap (2.4.40+dfsg-1) unstable; urgency=medium
* Remove inetorgperson.schema from the upstream source. Replace it with a
copy stripped of RFC text. (Closes: #780283)
* Adjust debian/watch for +dfsg versioning.
* debian/patches/ITS7975-fix-mdb-onelevel-search.patch: Import upstream
patch to fix scope=onelevel searches wrongly including the search base in
results under the MDB backend. (ITS#7975) (Closes: #782212)
openldap (2.4.40-4) unstable; urgency=medium
* debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
patch to fix a crash when a search includes the Deref control with an
empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
* debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
patch to fix a double free triggered by certain search queries using the
Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
openldap (2.4.40-3) unstable; urgency=medium
* Remove trailing spaces from slapd.templates.
* Update Vietnamese debconf translation.
Thanks to Trần Ngọc Quân.
* Update Danish debconf translation.
Thanks to Joe Hansen. (Closes: #766848)
* Update Japanese debconf translation.
Thanks to Kenshi Muto. (Closes: #766824)
* Update Russian debconf translation.
Thanks to Yuri Kozlov. (Closes: #766825)
* Update Basque translation.
Thanks to Iñaki Larrañaga Murgoitio. (Closes: #767070)
* Update French debconf translation.
Thanks to Christian Perrier. (Closes: #767634)
* Update German debconf translation.
Thanks to Helge Kreutzmann. (Closes: #767686)
* Update Portuguese debconf translation.
Thanks to Ricardo Silva. (Closes: #768085)
* Update Italian debconf translation.
Thanks to Luca Monducci. (Closes: #768195)
* Update Turkish debconf translation.
Thanks to Atila KOÇ. (Closes: #768409)
* Update Czech debconf translation.
Thanks to Miroslav Kure. (Closes: #768591)
* Update Catalan debconf translation.
Thanks to Innocent De Marchi. (Closes: #768605)
* Update Dutch debconf translation.
Thanks to Frans Spiesschaert. (Closes: #769024)
* Update Brazilian Portuguese debconf translation.
Thanks to Adriano Rafael Gomes. (Closes: #769717)
* Update Galician debconf translation.
Thanks to Jorge Barreiro.
* Update Swedish debconf translation.
Thanks to Martin Bagge / brother. (Closes: #769867)
* Update Spanish debconf translation.
Thanks to Camaleón. (Closes: #770715)
* Fix doubled spaces in po files, caused by trailing spaces in the templates
file.
* Run debconf-updatepo to
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
** Changed in: openldap (Debian) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
** Branch linked: lp:debian/openldap -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
** Changed in: openldap (Debian) Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
If you are working on cleaning up the slapd.postinst script, you may find some of these related discussions to be interesting and/or helpful...: LP: #450645 error during slapd configuration: chown: cannot access `olcDbDirectory\nolcDbDirectory' LP: #632051 Improve slapd postinst error message in case database directory can't be determined for a given LDAP suffix LP: #571498 slapd.postinst should put all backed-up items together in one place under /var/backups LP: #571481 when slapd upgrade fails, later upgrade attempts overwrite saved backups of pre-upgrade configuration files -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
Thanks for the links. Several of those actually describe things I was already planning to work on. Good to have the bug #s for proper tracking and closing. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
Thanks for the report. At a glance, this appears like a more detailed duplicate of your comment on bug 322944; is that right, or is it a separate bug? Either way, if it's possible for you to provide a copy of your configuration that fails (with sensitive details/passwords removed), or steps to construct such a configuration, that would be really helpful. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
Yes, they are definitly related, but not caused by the exact same
configuration. But still, the fixes i oulined may fix that bug too.
I can't provide our exact configuration, but I followed the guide at
http://www.openldap.org/doc/admin24/replication.html#Syncrepl%20Proxy to
set up replication to another ldap. This causes the suffix to appear in
both of
/etc/ldap/slap.d/cn=config/olcDatabase={1}hdb.ldif
/etc/ldap/slap.d/cn=config/olcDatabase={2}ldap.ldif
Only the first of them has olcDbDirectory in it.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1362481
Title:
openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not
empty and missing backup of suffix
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
Great. Thanks for that link, and also for the analysis and suggestions.
You're right: there is an implicit assumption that suffixes are unique,
and this setup is a valid one that breaks it.
With this change:
http://anonscm.debian.org/cgit/pkg-
openldap/openldap.git/commit/debian/slapd.scripts-
common?id=57b0cc5ae377b00219e73be87e0c3a151b5eda99
the dump part at least doesn't fail (slapcat -b dc=example,dc=com is
executed twice, operating on the disk-backed db both times), but I
wouldn't exactly call that correct.
Of course, running slapadd -b dc=example,dc=com twice is never going
to work. (Well, maybe if the database is totally empty.) (Additionally,
moving the old database out of the way doesn't work if we have {1}ldap
and {2}hdb instead of the reverse.)
I already wanted to redo the loops like you suggested; this is just
another reason to move forward on that. Probably it would be most robust
to use slap{cat,add} -nN instead of -b $suffix; at least that would have
the least chance for ambiguity.
** Changed in: openldap (Ubuntu)
Status: New = In Progress
** Changed in: openldap (Ubuntu)
Assignee: (unassigned) = Ryan Tandy (rtandy)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1362481
Title:
openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not
empty and missing backup of suffix
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
** Bug watch added: Debian Bug tracker #759596 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759596 ** Also affects: openldap (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759596 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
** Changed in: openldap (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1362481 Title: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
