[Pkg-openldap-devel] Bug#406173: slapd upgrade alters configuration files without asking for permission

Juha Jäykkä juhaj at iki.fi
Tue Jan 9 10:20:24 CET 2007 

Package: slapd
Version: 2.3.30-2
Severity: serious
Justification: Policy 10.7.3


Doing "aptitude upgrade slapd" produces the following output, without
any questions:

Installing new version of config file /etc/init.d/slapd ...
  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.3.29-1... done.

My dpkg.cfg sets "force-confold", so I was not expecting any questions
about new config files - I was expecting my old ones to stay around.

I thought about making this critical since breaking slapd config breaks
logins and nsswitches from *ALL* *MACHINES* using the said slapd for uid and 
gid resolution. Luckily the upgraded machine was a replica slapd, not the
primary...

-Juha


-- System Information:
Debian Release: 4.0
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-amd64
Locale: LANG=en_GB.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages slapd depends on:
ii  adduser                   3.99           Add and remove users and groups
ii  coreutils                 5.97-5         The GNU core utilities
ii  debconf [debconf-2.0]     1.5.6          Debian configuration management sy
ii  libc6                     2.3.6.ds1-4    GNU C Library: Shared libraries
ii  libdb4.2                  4.2.52+dfsg-1  Berkeley v4.2 Database Libraries [
ii  libiodbc2                 3.52.4-3       iODBC Driver Manager
ii  libldap-2.3-0             2.3.30-2       OpenLDAP libraries
ii  libltdl3                  1.5.22-4       A system independent dlopen wrappe
ii  libperl5.8                5.8.8-6.1      Shared Perl library
ii  libsasl2-2                2.1.22.dfsg1-8 Authentication abstraction library
ii  libslp1                   1.2.1-6        OpenSLP libraries
ii  libssl0.9.8               0.9.8c-3       SSL shared libraries
ii  libwrap0                  7.6.dbs-11     Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-perl 5.8.8-6.1      Larry Wall's Practical Extraction 
ii  psmisc                    22.3-1         Utilities that use the proc filesy

Versions of packages slapd recommends:
ii  libsasl2-modules        2.1.19.dfsg1-0.5 Pluggable Authentication Modules f

-- debconf information:
  slapd/password_mismatch:
  slapd/fix_directory: true
  slapd/invalid_config: true
  shared/organization:
  slapd/upgrade_slapcat_failure:
  slapd/upgrade_slapadd_failure:
  slapd/backend: BDB
  slapd/dump_database: when needed
* slapd/allow_ldap_v2: false
* slapd/no_configuration: true
  slapd/migrate_ldbm_to_bdb: false
  slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/slave_databases_require_updateref:
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
  slapd/autoconf_modules: true
  slapd/purge_database: false
  slapd/domain:

More information about the Pkg-openldap-devel mailing list