[Pkg-openldap-devel] Bug#370343: Worked out a patch in order to make default file preseedable

Steve Langasek vorlon at debian.org
Sat Apr 5 00:20:35 UTC 2008 

tags 370343 -patch
thanks

On Fri, Apr 04, 2008 at 05:19:36PM +0200, Patrick Winnertz wrote:
> Hello openldap maintainers. 
> During the Debian Edu worksession in Extremadura I've created a patch in 
> order to preseed the default file of slapd. 
> Please note that this bug is a blocker bug of our very long standing issue 
> 311188 which is sort of release critical.
> So please consider to include the patch.

Sorry, nack on this patch in its current form.

- The postinst dynamically creates files under /usr/share.  State files like
  this should only ever be created under /var/lib.
- Why are you using a home-grown md5sum solution instead of using ucf?  For
  an effective use of ucf, please see the samba-common package in
  testing/unstable.
- Why does SLAPD_SERVICES need to be edited at all in your environment -
  what are the settings that you're preseeding, and wouldn't it be better to
  try to identify a sensible default for this file?  I don't think the
  current behavior of this file *is* a sensible default, because ldapi:///
  is missing; but ldap:/// ldapi:/// should be a sensible default IMHO,
  excluding ldaps:/// because TLS should be sufficient for the common
  case.  You do mention in the bug report that you specifically care about
  enabling ldaps:///, can you explain why this is needed in your
  environment?  What clients do you have that can't use TLS?
- Likewise, why do you need to override the location of slapd.conf, as
  opposed to fixing up the standard slapd.conf for your needs?  This wasn't
  even mentioned before now in your bug report.
- Oh, and making SLAPD_SERVICES a multiselect breaks things for those users
  who want to bind to specific IPs.
- Finally, assuming all of the above are resolved, the text of the debconf
  templates contains a number of English errors that would need to be
  addressed prior to inclusion.

I'm sympathetic to your desire to have the slapd package usable
out-of-the-box for your environment, but I think there needs to be a clearer
rationale for the particular changes you're proposing.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

More information about the Pkg-openldap-devel mailing list