[Pkg-freeipa-devel] Bug#912224: since update 1.3.3.5-4+deb8u5 php ldap authentification failure

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Tue Sep 17 17:02:58 BST 2019 

Hi,

On  Di 17 Sep 2019 17:38:03 CEST, Mike Gabriel wrote:

> What I did:
>
> 1. Setup a fresh 389-ds instance using jessie's original version
> (see http://snapshot.debian.org/package/389-ds-base/1.3.3.5-4/)
>
> 2. Upgrade to +deb8u4, test login, LDAP queries, etc.
>
> -> worked
>
> 3. Upgrade to +deb8u5, test login, LDAP queries, etc.
>
> -> worked
>
> 4. Upgrade to +deb8u6, test login, LDAP queries, etc.
>
> -> worked
>
> Can you be any chance provide more info about this issue? What  
> exactly are the LDAP queries, that Nextcloud does on your 389-ds  
> server?
>
> Can anyone else give feedback about 389-ds in jessie LTS? Any  
> observed problems that look similar to #912224 [1]?
>
> Thanks+Greets,
> Mike
>
> [1] https://bugs.debian.org/912224

completing the story...

During package upgades, I see upgrade failures:

```
root at jessie:~# apt-get install 389-ds-base --reinstall
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
0 aktualisiert, 0 neu installiert, 1 erneut installiert, 0 zu  
entfernen und 0 nicht aktualisiert.
Es müssen noch 0 B von 1.459 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 0 B Plattenplatz zusätzlich benutzt.
(Lese Datenbank ... 137483 Dateien und Verzeichnisse sind derzeit  
installiert.)
Vorbereitung zum Entpacken von .../389-ds-base_1.3.3.5-4+deb8u6_amd64.deb ...
Entpacken von 389-ds-base (1.3.3.5-4+deb8u6) über (1.3.3.5-4+deb8u6) ...
Trigger für man-db (2.7.0.2-5) werden verarbeitet ...
Trigger für systemd (215-17+deb8u13) werden verarbeitet ...
389-ds-base (1.3.3.5-4+deb8u6) wird eingerichtet ...
dpkg: Fehler beim Bearbeiten des Paketes 389-ds-base (--configure):
  Unterprozess installiertes post-installation-Skript gab den  
Fehlerwert 1 zurück
Fehler traten auf beim Bearbeiten von:
  389-ds-base
E: Sub-process /usr/bin/dpkg returned an error code (1)
```

The underlying reason of this is this:

```
root at jessie:~# setup-ds -u -s General.UpdateMode=offline
Use of literal control characters in variable names is deprecated at  
/usr/lib/x86_64-linux-gnu/dirsrv/perl/DSCreate.pm line 867.
Could not rename config file  
'/etc/dirsrv/slapd-jessie/slapd-collations.conf' to  
'/var/lib/dirsrv/slapd-jessie/bak.bak/slapd-collations.conf'.  Error:  
Ungültiger Link über Gerätegrenzen hinweg
Error: could not update the directory server.
Exiting . . .
Log file is '/tmp/setupKkbY5z.log'
```

The fix for it (that one has to apply to  
/usr/share/dirsrv/updates/60upgradeconfigfiles.pl and then run  
"apt-get install -f") is this:

```
--- updates.orig/60upgradeconfigfiles.pl	2018-09-03 09:58:45.911804203 +0200
+++ updates/60upgradeconfigfiles.pl	2018-09-03 09:59:36.420699451 +0200
@@ -31,7 +31,7 @@
          next if (! -f $oldname); # does not exist - skip - already
(re)moved
          my $newname = "$bakdir/$file";
          $! = 0; # clear
-        rename $oldname, $newname;
+        move $oldname, $newname;
          if ($!) {
              push @errs, ["error_renaming_config", $oldname, $newname, $!];
          }
@@ -57,7 +57,7 @@
              next if (! -f $oldname); # does not exist - not backed up
              my $newname = $inf->{slapd}->{config_dir} . "/" . $file;
              next if (-f $newname); # not removed
-            rename $oldname, $newname;
+            move $oldname, $newname;
          }
          return @errs;
      }
```

So, an improvement, we could offer is fixing the upgrade of  
389-ds-base (which had been broken since jessie got released, in fact).

Greets,
Mike
-- 

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20190917/9c857a95/attachment-0001.sig>

More information about the Pkg-freeipa-devel mailing list