Re: [Touch-packages] [Bug 1921562] [NEW] Intermittent hangs during ldap_search_ext when TLS enabled

2021-03-26 Thread Ryan Tandy
On Sat, Mar 27, 2021 at 01:06:42AM -, Vincent Vanlaer wrote: >https://git.openldap.org/openldap/openldap/-/commit/735e1ab Note that this commit is for OpenLDAP 2.5 and needs adjustment for the 2.4 branch. The commit ids for 2.4 are:

[Touch-packages] [Bug 571481] Re: when slapd upgrade fails, later upgrade attempts overwrite saved backups of pre-upgrade configuration files

2021-02-25 Thread Ryan Tandy
Fixed in 2.4.51+dfsg-1 i.e. groovy ** Changed in: openldap (Ubuntu) Assignee: Ryan Tandy (rtandy) => (unassigned) ** Changed in: openldap (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1891548] Re: autofs-ldap's /etc/ldap/schema/autofs.schema crashes slapd

2020-08-14 Thread Ryan Tandy
msp3k is correct. The bug is in autofs-ldap, not in slapd. slapd is correct to reject "caseExactMatch" since the attribute syntax is IA5 String. The correct fix is what msp3k said, fix the matching rule to be caseExactIA5Match like it was in the old one. --- /etc/ldap/schema/autofs.schema

Re: [Touch-packages] [Bug 1880209] [NEW] slapd configuration does not ask for olcbackend and doesn't add one. Has to be added by hand.

2020-05-22 Thread Ryan Tandy
On Fri, May 22, 2020 at 04:34:52PM -, Mario Mech wrote: >Installing slapd and ldap-utils results in missing backend > >dn: olcBackend={0}mdb,cn=config > >the installer skips the installation step. Has to be added by >ldpamodify. This was done intentionally as it's much more common to

Re: [Touch-packages] [Bug 1875697] Re: drop fix-ldap-distribution.patch?

2020-05-08 Thread Ryan Tandy
On Fri, May 08, 2020 at 07:57:38PM -, Andreas Hasenack wrote: >But looks like the email is wrong, we should be showing ubuntu-devel@ >there instead of the debian maintainers list. I'm fine with receiving mail from Ubuntu users as well. (in IRC I'm usually supporting at least as many Ubuntu

[Touch-packages] [Bug 1875697] [NEW] drop fix-ldap-distribution.patch?

2020-04-28 Thread Ryan Tandy
Public bug reported: Hi, In version 2.4.49+dfsg-3 I fixed a bug where the version was missing from the -V output in OpenLDAP programs: . At the same time, I've patched it to display the package version there, instead of the upstream version: # slapd -VV @(#)

[Touch-packages] [Bug 1866303] [NEW] slapd crash with pwdAccountLockedTime and stacked overlays

2020-03-05 Thread Ryan Tandy
Public bug reported: Hello, Please merge openldap 2.4.49+dfsg-2 from Debian unstable to fix an issue in the ppolicy overlay that can crash slapd. Please also consider SRUing the patch after it has had some testing time. Upstream: https://openldap.org/its/?findid=9171 Debian:

[Touch-packages] [Bug 1866303] test script

2020-03-05 Thread Ryan Tandy
** Attachment added: "slapd.conf" https://bugs.launchpad.net/bugs/1866303/+attachment/5334194/+files/slapd.conf ** Attachment added: "data.ldif" https://bugs.launchpad.net/bugs/1866303/+attachment/5334195/+files/data.ldif ** Attachment added: "samba.schema"

[Touch-packages] [Bug 1864205] Re: _sasl_plugin_load failed on sasl_canonuser_init

2020-02-21 Thread Ryan Tandy
The messages are harmless as far as I know. If you don't want to see them, uninstall the libsasl2-modules-ldap package. (Since you evidently haven't configured it, I assume you aren't using it.) At any rate this is not a bug in the openldap package. ** Changed in: openldap (Ubuntu)

[Touch-packages] [Bug 1838370] Re: slapd segfault on filter parse error

2019-08-07 Thread Ryan Tandy
This has already been fixed as of 2.4.48+dfsg-1ubuntu1. I'm not sure why the upload didn't automatically close the bug. ** Changed in: openldap (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 1838370] Re: slapd segfault on filter parse error

2019-07-30 Thread Ryan Tandy
Looks like this is fixed upstream already: https://openldap.org/its/?findid=8964 fixed in 2.4.48. Cherry-picking upstream commit d40b357f5da9a94d2f4f541c21bde02610d9cd3b fixes the crash for me. ** Also affects: openldap Importance: Undecided Status: New ** Changed in: openldap

Re: [Touch-packages] [Bug 1838380] [NEW] slapd does not automatically restart on failure

2019-07-30 Thread Ryan Tandy
Hello, You can configure that yourself with a systemd drop-in file that modifies the generated unit. A similar one was recently added to set RemainOnExit=false; see bug 1821343. I can't comment on whether it's appropriate to add that behaviour in the package by default. -- You received this

Re: [Touch-packages] [Bug 1838370] [NEW] slapd segfault on filter parse error

2019-07-30 Thread Ryan Tandy
Hello, thank you for the report. I was able to reproduce the crash locally by intentionally mis-configuring the rwm overlay. Could you please provide a copy of your rwm overlay configuration? I would like to see what the actual parse failure was in your instance. ** Changed in: openldap

Re: [Touch-packages] [Bug 1821343] [NEW] slapd process failure is not detected by systemd

2019-03-22 Thread Ryan Tandy
Hello Hector, On Fri, Mar 22, 2019 at 12:36:57PM -, Heitor R. Alves de Siqueira wrote: >The slapd package for OpenLDAP is shipped with a SysV-style init script >(/etc/init.d/slapd). Systemd automatically converts this to a systemd >service by generating the unit file using the

[Touch-packages] [Bug 1811630] Re: Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
Also here is my git branch in case you prefer to view the merge commit directly: https://salsa.debian.org/openldap-team/openldap/tree/ubuntu/merge-2.4.47 ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1811630] Re: Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
** Attachment added: "openldap_2.4.47+dfsg-2ubuntu1.debian.tar.xz" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+attachment/5228960/+files/openldap_2.4.47+dfsg-2ubuntu1.debian.tar.xz -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1811630] [NEW] Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
Public bug reported: Hello, I have prepared the merge of openldap 2.4.47+dfsg-2. This will probably be the version released in Debian buster unless any release critical bugs show up. I made changes in Debian to how the contrib modules are built. I made the same changes for nssov in this merge

[Touch-packages] [Bug 1811630] Re: Please merge openldap 2.4.47+dfsg-2 (main) from Debian unstable (main)

2019-01-13 Thread Ryan Tandy
** Attachment added: "openldap_2.4.47+dfsg-2ubuntu1.dsc" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1811630/+attachment/5228959/+files/openldap_2.4.47+dfsg-2ubuntu1.dsc -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1809938] Re: delta syncrepl generates reqMod Attribute 'colon' with emtpty value

2018-12-27 Thread Ryan Tandy
** Changed in: openldap (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1809938 Title: delta syncrepl generates reqMod Attribute

Re: [Touch-packages] [Bug 1809938] [NEW] delta syncrepl generates reqMod Attribute 'colon' with emtpty value

2018-12-27 Thread Ryan Tandy
Hello Mario, This was an intentional change by OpenLDAP developers, in order to fix a replication bug that could cause providers and consumers to lose sync. Please see the upstream issue for the full details: http://www.openldap.org/its/?findid=6545 I confirm this behaviour on a producer

[Touch-packages] [Bug 1782203] Re: package slapd 2.4.45+dfsg-1ubuntu1 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1

2018-07-17 Thread Ryan Tandy
from the terminal log: Jul 12 09:48:10 pii.host slapd[5659]: daemon: bind(8) failed errno=98 (Address already in use) Jul 12 09:48:10 pii.host slapd[5659]: daemon: bind(8) failed errno=98 (Address already in use) and from the apt log: Start-Date: 2018-07-12 06:42:24 Commandline: apt-get

[Touch-packages] [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2018-06-28 Thread Ryan Tandy
Last time I tried to reproduce this with a C program I was not successful, hence why I haven't been able to work on this from the upstream side. I will try again... Martin, it would be *very* helpful if you could post code or a script that demonstrates the issue in an automated way. I know you

Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
On Tue, May 22, 2018 at 05:48:42PM -, Dylan Gray wrote: >I know RHEL and SLES have an OpenLDAP version which has a dependency on >MIT Kerberos. As far as I know the libldap packages in those distros don't directly link a GSSAPI library at all. Ubuntu is the only one I'm aware of that

Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
On Tue, May 22, 2018 at 10:21:17AM -0700, Ryan Tandy wrote: >I see. Yes, I can see how that would be a problem. The linker warning >is only a warning, but the ABIs very likely do conflict. ... that said, at least one or two packages do seem to manage with both -lldap and -lgssap

Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
Hi Dylan, On Tue, May 22, 2018 at 04:39:21PM -, Dylan Gray wrote: >The dependency is a problem because my program depends on gssapi_krb5, >krb5, sasl, and openldap. On Ubuntu, the linker will throw errors >because "libkrb5.so.26, needed by //usr/lib/x86_64-linux- >gnu/libgssapi.so.3, may

Re: [Touch-packages] [Bug 1772530] Re: OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-22 Thread Ryan Tandy
Hi Dylan, Chances are libldap's dependency on libgssapi is not relevant for you. It's only used by the ldap_gssapi_bind family of functions, which are non-standard and only used by one or two specific applications. Without knowing more about your use case, I would assume that for your

Re: [Touch-packages] [Bug 1772530] [NEW] OpenLDAP depends on old version of KRB5 which conflicts with other packages

2018-05-21 Thread Ryan Tandy
Hi Dylan, On Mon, May 21, 2018 at 10:22:23PM -, Dylan Gray wrote: >Currently, Ubuntu 16.04's newest offered version of OpenLDAP is version >2.4.42. This version depends on libgssapi3 which in turn depends libkrb5 >version 2.6. Many other common libraries (like gssapi_krb5) depend on >libkrb5

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-15 Thread Ryan Tandy
The attached debdiff is basically the same as what I already uploaded to Debian stable in 2.4.44+dfsg-5+deb9u1. No regressions were reported against that upload. Tested in a xenial chroot using my test program as above and the patch fixes the issue for me. Test packages are building now in

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-15 Thread Ryan Tandy
I also recommend having your local hostname and FQDN in /etc/hosts when executing that test program, as the SASL library looks it up at least once on every iteration. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-15 Thread Ryan Tandy
Please find attached a test program and Makefile plus a test script to drive it. Basically the program exercises concurrent SASL binds. With the current packages in xenial, the test program fails in a variety of ways: $ ./sasltest rc = -6 (Unknown authentication method) sasltest:

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-14 Thread Ryan Tandy
On Mon, May 14, 2018 at 02:34:13PM -, Andreas Hasenack wrote: >Last I tried, I couldn't reproduce it. Can we make the case for an SRU >without a clear test case? I'll try and find time this week to work up instructions. Would a program that demonstrates the issue (test instructions: compile

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2018-05-11 Thread Ryan Tandy
This slipped off my radar after the fix was uploaded to arful, but we should fix it in xenial as well. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1688575 Title:

[Touch-packages] [Bug 1763988] Re: package slapd 2.4.31-1+nmu2ubuntu8.2 failed to install/upgrade: underprosessen nytt pre-installation-skript returnerte feilstatus 1

2018-04-14 Thread Ryan Tandy
The slapd upgrade failed, because: Dumping to /var/backups/slapd-2.4.31-1+nmu2ubuntu8.2: - directory dc=testlab,dc=dev... 5ad25c38 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config.ldif" 5ad25c39 hdb_db_open: database "dc=testlab,dc=dev": db_open(/var/lib/ldap/id2entry.bdb)

[Touch-packages] [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2017-08-29 Thread Ryan Tandy
** Changed in: openldap (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1547927 Title: LDAP_OPT_X_TLS_REQUIRE_CERT handling

[Touch-packages] [Bug 1702290] Re: slapd fails to stop if /etc/ldap/slapd.d/cn=config.ldif is deleted but /etc/ldap/slapd.d still exists

2017-08-29 Thread Ryan Tandy
** Bug watch added: Debian Bug tracker #873682 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873682 ** Also affects: openldap (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873682 Importance: Unknown Status: Unknown -- You received this bug notification

[Touch-packages] [Bug 1656979] Re: No support for DHE ciphers (TLS)

2017-08-29 Thread Ryan Tandy
Hello Haw, openldap 2.4.45 is in artful now, so this should be fixed. could you please try your cipherscan again and confirm? Thanks! ** Changed in: openldap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1702290] Re: package slapd 2.4.31-1+nmu2ubuntu8.4 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 2

2017-08-29 Thread Ryan Tandy
Hello, Since you deleted all the contents out of the /etc/ldap/slapd.d folder, please delete that folder as well, then the uninstallation will proceed. The init script could probably be more resilient about this. ** Changed in: openldap (Ubuntu) Status: New => Confirmed ** Summary

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-08-11 Thread Ryan Tandy
** Changed in: openldap Status: Fix Committed => Fix Released ** Changed in: openldap (Ubuntu) Assignee: Ryan Tandy (rtandy) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in

[Touch-packages] [Bug 1708341] Re: package libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: intentando sobreescribir el compartido `/etc/ldap/ldap.conf', que es distinto de otras instan

2017-08-02 Thread Ryan Tandy
*** This bug is a duplicate of bug 1436558 *** https://bugs.launchpad.net/bugs/1436558 ** This bug has been marked a duplicate of bug 1436558 package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying to overwrite shared '/etc/ldap/ldap.conf', which is different from

[Touch-packages] [Bug 1547927] Re: LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and STARTTLS

2017-07-28 Thread Ryan Tandy
Hi Martin, I'm trying to reproduce the bug you reported, in order to determine whether Maciej's patch fixed it or not. However, a simple C program making the following calls: ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, _version); ldap_initialize(, "ldaps://"); ldap_set_option(ld,

[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-26 Thread Ryan Tandy
Closing as Gianfranco Costamagna already merged it on his own. ** Changed in: openldap (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-07-24 Thread Ryan Tandy
Hi Andreas, On Mon, Jul 24, 2017 at 05:33:41PM -, Andreas Hasenack wrote: >I can take a look at this. Thanks. FYI the fix is released upstream in 2.4.45 and I'll be uploading that to Debian soon.

[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
d ** Changed in: openldap (Ubuntu) Assignee: Ryan Tandy (rtandy) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1704726 Title: Please merge openldap 2.4

[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
** Attachment added: "openldap_2.4.44+dfsg-8ubuntu1.dsc" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+attachment/4915949/+files/openldap_2.4.44+dfsg-8ubuntu1.dsc -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1704726] Re: Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
** Patch added: "openldap_2.4.44+dfsg-8ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1704726/+attachment/4915948/+files/openldap_2.4.44+dfsg-8ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1704726] [NEW] Please merge openldap 2.4.44+dfsg-8 (main) from Debian unstable (main)

2017-07-17 Thread Ryan Tandy
: openldap (Ubuntu) Importance: Undecided Status: Confirmed ** Changed in: openldap (Ubuntu) Status: New => In Progress ** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Ryan Tandy (rtandy) ** Summary changed: - Please merge openldap openldap_2.4.44+dfsg-8

[Touch-packages] [Bug 1697397] Re: libldap-2.4.42+dfsg-2ubuntu3.2 crashes libreoffice

2017-06-13 Thread Ryan Tandy
I would be amazed if a libldap upgrade actually caused the error you've pasted here. It _should_ be completely unrelated - the symbol is a LibreOffice internal one you mentioned in a LibreOffice internal one. Could you please paste the relevant transactions from /var/log/apt/history.log (the

Re: [Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-16 Thread Ryan Tandy
Hi, Sorry for the silence, I'm in a busy spell and not able to look at Ubuntu stuff right now. I do intend to follow up and propose the patch for a stable update when I can; anyone else is welcome to beat me to it in the meantime. -- You received this bug notification because you are a

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-08 Thread Ryan Tandy
** Changed in: openldap (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1688575 Title: Segmentation fault on a slave slapd

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-08 Thread Ryan Tandy
Yes, just openldap. I uploaded the patched package to a PPA for you to try: https://launchpad.net/~rtandy/+archive/ubuntu/bug1688575 Hope that helps. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-07 Thread Ryan Tandy
** Also affects: openldap Importance: Undecided Status: New ** Changed in: openldap Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.

[Touch-packages] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)

2017-05-05 Thread Ryan Tandy
in: openldap (Ubuntu) Assignee: (unassigned) => Ryan Tandy (rtandy) ** Patch added: "0001-ITS-8648-add-back-mutex-for-sasl_client_init.patch" https://bugs.launchpad.net/bugs/1688575/+attachment/4872308/+files/0001-ITS-8648-add-back-mutex-for-sasl_client_init.patch -- You rece

Re: [Touch-packages] [Bug 921489] Re: Segmentation fault in slapd (related to GSSAPI?)

2017-04-27 Thread Ryan Tandy
Hi Suho, On Thu, Apr 27, 2017 at 09:09:48AM -, Suho Meso wrote: >is a new bug really necessary, because the problem from this bug is really >similar? Yes, I would really prefer to track your issue in a new report. Sorry for the inconvenience. When you open the new bug, it would be

[Touch-packages] [Bug 921489] Re: Segmentation fault in slapd (related to GSSAPI?)

2017-04-26 Thread Ryan Tandy
Hi Suho, Please could you file a new bug for your issue, ideally using apport (ubuntu-bug) so that the backtrace can be collected? I have been looking at a similar issue (https://bugs.debian.org/860947) recently and the additional info would be great. Thanks! ** Bug watch added: Debian Bug

[Touch-packages] [Bug 1436558] Re: package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying to overwrite shared '/etc/ldap/ldap.conf', which is different from other instances of pa

2017-03-22 Thread Ryan Tandy
This should be fixed in zesty now. openldap (2.4.44+dfsg-3ubuntu1) zesty; urgency=medium * Merge with Debian unstable (LP: #1663702, LP: #1654416). openldap (2.4.44+dfsg-1) unstable; urgency=medium * Fix policy 8.2 violation (Closes: #330695) + Move /etc/ldap/ldap.conf and manpage to

[Touch-packages] [Bug 1660447] Re: package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: подпроцесс установлен сценарий post-installation возвратил код ошибки 1

2017-03-22 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-1+nmu2ubuntu8.3... done. Moving old database directories to /var/backups: - directory dc=BlackWind.local... done. Loading from

[Touch-packages] [Bug 1670567] Re: package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-03-22 Thread Ryan Tandy
** Changed in: openldap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1670567 Title: package slapd 2.4.31-1+nmu2ubuntu8.3

[Touch-packages] [Bug 1675251] Re: package slapd 2.4.42+dfsg-2ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-03-22 Thread Ryan Tandy
Setting up slapd (2.4.42+dfsg-2ubuntu3.1) ... Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-1+nmu2ubuntu8.3... done. Moving old database directories to /var/backups: Backup path /var/backups/dc=localdomain-2.4.31-1+nmu2ubuntu8.3.ldapdb exists. Giving up... Please delete the

Re: [Touch-packages] [Bug 1670567] [NEW] package slapd 2.4.31-1+nmu2ubuntu8.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2017-03-06 Thread Ryan Tandy
Hello, The log says that slapd failed to start, but not why. Please could you check /var/log/syslog for messages emitted by slapd and paste them here. Alternatively, start slapd in debug mode (-d): /usr/sbin/slapd -h 'ldap:/// ldapi:///' -F /etc/ldap/slapd.d -u openldap -g openldap -d1 and

Re: [Touch-packages] [Bug 1656979] [NEW] No support for DHE ciphers (TLS)

2017-02-10 Thread Ryan Tandy
On Tue, Jan 17, 2017 at 12:49:36AM -, Haw Loeung wrote: >I think the fix is in the patch below that's released in 2.4.39: > >http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=622d13a32ec8d623c26a11b60b63e443dc86df99 http://www.openldap.org/its/?findid=7506 says: fixed in

Re: [Touch-packages] [Bug 1654416] Re: Requesting 2.4.44 build which includes fix for ITS#8185

2017-02-10 Thread Ryan Tandy
On Fri, Feb 10, 2017 at 07:03:14PM -, Nish Aravamudan wrote: >Ah ok, do you want me to send the patches via git to you there? The >Server Team has adopted >(https://wiki.ubuntu.com/UbuntuDevelopment/Merging/GitWorkflow) for >Ubuntu merges so we have our own tree (that's tracking the archive(s)

Re: [Touch-packages] [Bug 1654416] Re: Requesting 2.4.44 build which includes fix for ITS#8185

2017-02-10 Thread Ryan Tandy
On Fri, Feb 10, 2017 at 06:12:22PM -, Nish Aravamudan wrote: >I'm merging openldap 2.4.44+dfsg-3 today, I hope. Any concerns you have, >Ryan? Thanks for working on it. I thought zesty would have frozen by now, actually. FWIW, there is an ubuntu branch in the packaging repository on alioth.

Re: [Touch-packages] [Bug 1654416] Re: Requesting 2.4.44 build which includes fix for ITS#8185

2017-01-06 Thread Ryan Tandy
Hi Kartik and Hans, I don't recommend merging the current unstable version as support for Heimdal was temporarily dropped. 2.4.44+dfsg-3 with Heimdal re-enabled will be uploaded soon on the Debian side and that should be a better candidate. As usual, I will propose a merge once I'm happy with

[Touch-packages] [Bug 478827] Re: openldap database backend back_perl has undefined symbols (aka slapd-perl back-perl)

2016-11-21 Thread Ryan Tandy
*** This bug is a duplicate of bug 90812 *** https://bugs.launchpad.net/bugs/90812 ** This bug has been marked a duplicate of bug 90812 perl backend can't use dynamically loaded modules (DBI, POSIX...) -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 489597] Re: PMI Schema in slapd package can't be added to database

2016-11-21 Thread Ryan Tandy
Not sure exactly when it changed, but on xenial, the pmi schema seems to work fine. Tested: - adding the provided LDIF directly: ldapadd -H ldapi:// -Y EXTERNAL -f /etc/ldap/schema/pmi.ldif - including the schema in a slapd.conf file - converting pmi.schema to LDIF and adding that to slapd

[Touch-packages] [Bug 667597] Re: conf.d directory not a configuration directory

2016-11-21 Thread Ryan Tandy
** Changed in: openldap (Ubuntu) Assignee: Abhishek kumar singh (abhishekkumarsingh-cse) => (unassigned) ** Changed in: openldap (Ubuntu) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1594925] Re: package libldap-2.4-2 2.4.31-1+nmu2ubuntu12.3 failed to install/upgrade: a tentar sobreescrever '/etc/ldap/ldap.conf' partilhado, que é diferente de outras instância

2016-06-21 Thread Ryan Tandy
*** This bug is a duplicate of bug 1436558 *** https://bugs.launchpad.net/bugs/1436558 ** This bug has been marked a duplicate of bug 1436558 package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying to overwrite shared '/etc/ldap/ldap.conf', which is different from

[Touch-packages] [Bug 1591681] Re: Impossible to configure GnuTLS' %SERVER_PRECEDENCE setting in slapd

2016-06-12 Thread Ryan Tandy
Thanks for the report. Confirmed in trusty, but cannot reproduce in xenial. However, gnutls- serv in trusty does accept the flag. Can you please check whether this still happens for you on a more recent release, and whether your SSL tester actually reports the problem is fixed? ** Changed in:

[Touch-packages] [Bug 1579566] Re: Automatic openldap db migration fails on release upgrade when using accesslog overlay

2016-05-09 Thread Ryan Tandy
*** This bug is a duplicate of bug 1003854 *** https://bugs.launchpad.net/bugs/1003854 Thanks for the report. This is most likely bug 1003854, triggered in this case by having /var/lib/ldap/accesslog nested inside /var/lib/ldap. ** Summary changed: - Automatic openldap db migration fails on

[Touch-packages] [Bug 1573557] Re: package libldap-2.4-2 2.4.42+dfsg-2ubuntu3 [modified: usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: trying to overwrite shared '/usr/sh

2016-04-22 Thread Ryan Tandy
*** This bug is a duplicate of bug 1436558 *** https://bugs.launchpad.net/bugs/1436558 ** This bug has been marked a duplicate of bug 1436558 package libldap-2.4-2 2.4.31-1+nmu2ubuntu8 failed to install/upgrade: trying to overwrite shared '/etc/ldap/ldap.conf', which is different from

[Touch-packages] [Bug 1559775] Re: package slapd 2.4.42+dfsg-2ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2016-03-20 Thread Ryan Tandy
from DpkgTerminalLog: Setting up slapd (2.4.42+dfsg-2ubuntu3) ... Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.31-1+nmu2ubuntu8.2... done. Moving old database directories to /var/backups: Backup path /var/backups/dc=nodomain-2.4.31-1+nmu2ubuntu8.2.ldapdb exists. Giving up...

Re: [Touch-packages] [Bug 1550437] Re: [BUG] Unable to install: dependency problem

2016-02-26 Thread Ryan Tandy
On Fri, Feb 26, 2016 at 07:56:59PM -, Michal Dziczkowski wrote: >I don't have the mantioned PPA in my repositories, so how could I >install slapd from it? The 'apt-cache policy' output you posted does include it. > 500 http://ppa.launchpad.net/dirk-computer42/c42-backport/ubuntu/ trusts / >

[Touch-packages] [Bug 1550437] Re: [BUG] Unable to install: dependency problem

2016-02-26 Thread Ryan Tandy
> Investigating (0) slapd [i386] 2.4.40-4 ~ ~ ubuntu14.04.1 c42.ppa1> (net) This package (slapd 2.4.40-4~ubuntu14.04.1~c42.ppa1) is not part of Ubuntu. It comes from one of the PPAs you have installed: https://launchpad.net/~dirk-computer42/+archive/ubuntu/c42-backport This is either a problem

[Touch-packages] [Bug 1550437] Re: [BUG] Unable to install: dependency problem

2016-02-26 Thread Ryan Tandy
Hi Michal, Thanks for the report. Can I ask you to provide some more information? The output from the following commands would be very helpful: lsb_release -a uname -a apt-cache policy apt-get -y install slapd apt-get -y -o Debug::pkgProblemResolver=1 install slapd ** Changed in: openldap

[Touch-packages] [Bug 1536301] Re: package libldap-2.4-2 2.4.41+dfsg-1ubuntu3 [modified: usr/share/doc/libldap-2.4-2/changelog.Debian.gz] failed to install/upgrade: trying to overwrite shared '/usr/sh

2016-01-25 Thread Ryan Tandy
Sounds like a case of multi-arch skew. If I'm reading correctly, you had libldap-2.4-2 2.4.41+dfsg-1ubuntu2 installed for both i386 and amd64; but then you tried to upgrade to -1ubuntu3 on i386 only. Updating your system should resolve this, I think. ** Changed in: openldap (Ubuntu)

[Touch-packages] [Bug 1537762] Re: syncrepl does not work when using tls

2016-01-25 Thread Ryan Tandy
Hi Ian, I found https://stathers.net/2016/01/14/thawte-premium-ssl- md5-gnutls.html but it would be surprising if that broke syncrepl but not ldapsearch. Still, worth checking if you haven't already. (ldapsearch and syncrepl are using the same CA certificate, right?) Is there any interesting

[Touch-packages] [Bug 1537762] Re: syncrepl does not work when using tls

2016-01-25 Thread Ryan Tandy
Please also have a look at https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1534230 (thanks to sarnold for the pointer) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.

[Touch-packages] [Bug 874339] Re: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2016-01-25 Thread Ryan Tandy
*** This bug is a duplicate of bug 1040177 *** https://bugs.launchpad.net/bugs/1040177 ** This bug has been marked a duplicate of bug 1040177 slapd install fails when requesting to 'Omit OpenLDAP server configuration" -- You received this bug notification because you are a member of

[Touch-packages] [Bug 694707] Re: database doesn't get purged during purge

2016-01-25 Thread Ryan Tandy
There is a debconf question about purge: Template: slapd/purge_database Type: boolean Default: false Description: Do you want the database to be removed when slapd is purged? Note that false is the default. Was it changed to true before purging? ** Changed in: openldap (Ubuntu) Status:

[Touch-packages] [Bug 1532648] [NEW] Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

2016-01-10 Thread Ryan Tandy
Public bug reported: Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main) ** Affects: openldap (Ubuntu) Importance: Undecided Assignee: Ryan Tandy (rtandy) Status: In Progress ** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Ryan Tandy (rta

[Touch-packages] [Bug 1532648] proposed merged package

2016-01-10 Thread Ryan Tandy
/openldap_2.4.42+dfsg-2ubuntu1.debian.tar.xz ** Changed in: openldap (Ubuntu) Assignee: Ryan Tandy (rtandy) => (unassigned) ** Changed in: openldap (Ubuntu) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch see

[Touch-packages] [Bug 990751] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 ** This bug has been marked a duplicate of bug 112631 slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not configured to hold "dc=nodomain" -- You received this bug notification because

[Touch-packages] [Bug 989243] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 ** This bug has been marked a duplicate of bug 112631 slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not configured to hold "dc=nodomain" -- You received this bug notification because

[Touch-packages] [Bug 840513] Re: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 862520 *** https://bugs.launchpad.net/bugs/862520 >From the upgrade log: Setting up slapd (2.4.23-6ubuntu6) ... Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.21-0ubuntu5.4... done. Moving old database directories to /var/backups: Loading from

[Touch-packages] [Bug 896737] Re: package slapd 2.4.21-0ubuntu5.6 failed to install/upgrade:

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 Thanks dino99, but this one is still relevant and does need to be fixed. We should keep it open. ** Changed in: openldap (Ubuntu) Status: Invalid => Confirmed ** Bug watch added: Debian Bug tracker

[Touch-packages] [Bug 391420] Re: slapd failed to install/upgrade: slapadd: line 1: database (dc=xxx, dc=xxx, dc=xx) not configured to hold "dc=nodomain"

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 ** This bug has been marked a duplicate of bug 112631 [apport] package slapd failed to install/upgrade: -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 862520] Re: package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
caused by: Preparing to replace slapd 2.4.21-0ubuntu5.5 (using .../slapd_2.4.23-6ubuntu6_amd64.deb) ... Dumping to /var/backups/slapd-2.4.21-0ubuntu5.5: Unpacking replacement slapd ... Would need a copy of the config before the upgrade in order to determine why the database was not listed for

[Touch-packages] [Bug 990892] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
There isn't enough information (would need debconf info) to say for sure, but this is most likely caused by slapd/domain ending with a dot, or otherwise causing olcSuffix to end up containing an unacceptable character. The former case has been fixed in wily and later. ** Changed in: openldap

[Touch-packages] [Bug 988688] Re: slapd failed to upgrade: no databases were backed up

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 862520 *** https://bugs.launchpad.net/bugs/862520 ** Summary changed: - package slapd 2.4.21-0ubuntu5.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 + slapd failed to upgrade: no databases were

[Touch-packages] [Bug 1108252] Re: package slapd 2.4.28-1.1ubuntu4.2 failed to install/upgrade: ErrorMessage: el subproceso instalado el script post-installation devolvió el código de salida de error

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 ** This bug is no longer a duplicate of bug 1011227 package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1 **

[Touch-packages] [Bug 1011227] Re: package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1

2015-12-26 Thread Ryan Tandy
*** This bug is a duplicate of bug 112631 *** https://bugs.launchpad.net/bugs/112631 ** This bug has been marked a duplicate of bug 112631 slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not configured to hold "dc=nodomain" -- You received this bug notification because

[Touch-packages] [Bug 112631] Re: slapd failed to install/upgrade: database (dc=xxx, dc=xxx, dc=xx) not configured to hold "dc=nodomain"

2015-12-26 Thread Ryan Tandy
** Summary changed: - [apport] package slapd failed to install/upgrade: + slapd failed to install/upgrade: database (dc=xxx,dc=xxx,dc=xx) not configured to hold "dc=nodomain" ** Bug watch added: Debian Bug tracker #546368 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546368 ** Also

[Touch-packages] [Bug 571752] Re: slapd upgrades don't add frontend ACLs for base="" and cn=subschema

2015-12-26 Thread Ryan Tandy
Fixed in natty and later, looks like. openldap (2.4.23-5) unstable; urgency=high [...] * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which otherwise is blocked by our added olcAccess settings.

[Touch-packages] [Bug 1501047] Re: package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu8.1 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd

2015-09-29 Thread Ryan Tandy
Hi, It does not look like an openldap bug to me: dpkg: error processing package libgcrypt11:i386 (--configure): package is in a very bad inconsistent state; you should reinstall it before attempting configuration dpkg: dependency problems prevent configuration of libldap-2.4-2:i386:

[Touch-packages] [Bug 1495339] Re: package slapd 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1

2015-09-14 Thread Ryan Tandy
Thanks for the bug report. The dpkg log says: Configurando slapd (2.4.31-1+nmu2ubuntu12.2) ... Creating new user openldap... done. Creating initial configuration... done. Creating LDAP directory... done. insserv: warning: script 'K01centrify-kcm' missing LSB tags and overrides insserv:

[Touch-packages] [Bug 1489071] Re: slapd expose server filestructure when issue lpadsearch with special query

2015-08-26 Thread Ryan Tandy
Please read https://help.ubuntu.com/community/ShellGlobbing to understand how your shell interprets the * character. ** Changed in: openldap (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1479512] Re: package libldap-2.4-2:i386 2.4.31-1+nmu2ubuntu12.2 failed to install/upgrade: package libldap-2.4-2:i386 is already installed and configured

2015-07-29 Thread Ryan Tandy
Thanks for the report. I guess apt has gotten confused since you had to reboot in the middle of the upgrade. I don't know that there's anything I can do about it from openldap's end, though. ** Package changed: openldap (Ubuntu) = apt (Ubuntu) -- You received this bug notification because you

[Touch-packages] [Bug 1392018] Re: apparmor stops /var/run/ldapi from being read causing ldap to fail

2015-07-28 Thread Ryan Tandy
With slapd from vivid-updates: # dpkg-query -W slapd slapd 2.4.31-1+nmu2ubuntu12.1 # ldapwhoami -H ldapi:// -QY EXTERNAL ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) With slapd from vivid-proposed: # dpkg-query -W slapd slapd 2.4.31-1+nmu2ubuntu12.2 # ldapwhoami -H ldapi://

[Touch-packages] [Bug 1472639] Re: apparmor profile denied for kerberos: /run/.heim_org.h5l.kcm-socket

2015-07-24 Thread Ryan Tandy
Hi Kartik, To help me reproduce and verify this, can you describe your setup where slapd stores its credentials in the KCM? I'm asking because I do see these denials, but they don't appear to affect operation with a keytab, and I haven't been able to get slapd to work without a keytab. I'm

[Touch-packages] [Bug 1471831] RFS: openldap/2.4.41+dfsg-1ubuntu1

2015-07-24 Thread Ryan Tandy
Hi sponsors, Please review the attached merge of openldap from Debian unstable. Thanks in advance. ** Attachment added: openldap_2.4.41+dfsg-1ubuntu1_source.changes https://bugs.launchpad.net/bugs/1471831/+attachment/4433779/+files/openldap_2.4.41%2Bdfsg-1ubuntu1_source.changes **

  1   2   >