Bug#921953: apacheds: Further analysis

Johan Grip ogun at ogun.org
Sun Feb 10 20:25:30 GMT 2019 

Hi.

Looked at it a bit more and found the following things.

ApacheDS have moved it's configuration to a dynamic schema based setup, 
like OpenLDAP.
As part of the startup it tries to migrate the config.ldif to a folder 
based setup
in ou=config. Since the user it runs as doesn't have write permission 
for /etc/apacheds
it fails and then gives up starting.

Additionally, once the permission issue is sorted the current systemd 
unit checks for the
existance of the config.ldif file which will be renamed as part of the 
migration so it will
not start the server.

The patch below fixes both but I'm not sure if services are supposed to 
write in /etc.

---<snip>---
diff -ur apache-directory-server-2.0.0~M15/debian/apacheds.postinst 
apache-directory-server-2.0.0~M15-mod/debian/apacheds.postinst
--- apache-directory-server-2.0.0~M15/debian/apacheds.postinst  
2015-07-01 22:22:10.000000000 +0200
+++ apache-directory-server-2.0.0~M15-mod/debian/apacheds.postinst      
2019-02-10 21:07:19.687924216 +0100
@@ -32,7 +32,9 @@
          # Fix directory permissions
          chown -R $APACHEDS_USER:$APACHEDS_GROUP /var/log/apacheds || 
true
          chown -R $APACHEDS_USER:$APACHEDS_GROUP /var/lib/apacheds || 
true
+        chown $APACHEDS_USER:$APACHEDS_GROUP /etc/apacheds
          chown $APACHEDS_USER:$APACHEDS_GROUP /etc/apacheds/*
+        chmod 640 /etc/apacheds
          chmod 640 /etc/apacheds/*
      ;;

diff -ur apache-directory-server-2.0.0~M15/debian/apacheds.service 
apache-directory-server-2.0.0~M15-mod/debian/apacheds.service
--- apache-directory-server-2.0.0~M15/debian/apacheds.service   
2015-07-01 22:22:10.000000000 +0200
+++ apache-directory-server-2.0.0~M15-mod/debian/apacheds.service       
2019-02-10 21:04:28.228844408 +0100
@@ -1,7 +1,8 @@
  [Unit]
  Description=Apache Directory Server
  After=network.target
-ConditionPathExists=/etc/apacheds/config.ldif
+ConditionPathExists=|/etc/apacheds/config.ldif
+ConditionPathIsDirectory=|/etc/apacheds/ou=config

  [Service]
  Type=simple

Regards,
   Johan

More information about the pkg-java-maintainers mailing list