[Pkg-openldap-devel] r699 - openldap/trunk-2.3/debian

Steve Langasek vorlon at debian.org
Tue Jul 25 22:23:34 UTC 2006 

On Tue, Jul 25, 2006 at 08:33:51PM +0000, Matthijs Mohlmann wrote:
> Author: active2-guest
> Date: 2006-07-25 20:33:49 +0000 (Tue, 25 Jul 2006)
> New Revision: 699

> Modified:
>    openldap/trunk-2.3/debian/changelog
>    openldap/trunk-2.3/debian/slapd.postinst
>    openldap/trunk-2.3/debian/slapd.preinst
> Log:
>  * Moved create_new_user to preinst. This will fix a hang with libnss-ldap.

> Modified: openldap/trunk-2.3/debian/changelog
> ===================================================================
> --- openldap/trunk-2.3/debian/changelog	2006-07-23 09:52:50 UTC (rev 698)
> +++ openldap/trunk-2.3/debian/changelog	2006-07-25 20:33:49 UTC (rev 699)
> @@ -17,8 +17,11 @@
>    * Removed script move_files, dh_install is used instead. (Closes: #368896)
>    * Dutch translation already updated. Closes: #375101)
>    * Documented that slapd is compiled with TCP wrappers (Closes: #351428)
> +  * Create a new user before slapd is stopped. It is possible that libnss-ldap
> +    is using slapd on localhost which causes a hang in the upgrade procedure.
> +    (Closes: #379728)

I don't think this is a correct solution at all.  Why is getent group
hanging on this user's system?  slapd being disabled shouldn't cause this;
it sounds to me like this is a buggy NSS configuration, probably caused by
the new stupid upstream defaults in libnss-ldap which the Debian maintainer
has confirmed over my objections.

NSS hanging indefinitely due to a downed server is BROKEN BROKEN BROKEN, and
one-off workarounds for the symptoms are a disservice to our users.

Your commit is also RC-buggy, because it lacks the necessary pre-depends on
adduser that would allow calling addgroup and adduser in the preinst, and
you haven't discussed this on debian-devel either as required by policy
before adding new pre-depends.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20060725/43cb420f/attachment.pgp

More information about the Pkg-openldap-devel mailing list