[Pkg-openldap-devel] RFR: Preliminary patch for cn=config support: new installs

Mathias Gug mathias.gug at canonical.com
Tue Aug 12 02:17:49 UTC 2008 

Hi,

I've attached a patch that is based on the version I've uploaded today
to Intrepid (which is based on 2.4.11).

The main difference is that intrepid doesn't have the code to support
upgrades from etch (as we're only supporting from hardy, which has
2.4.9 now).

On Sat, Aug 09, 2008 at 04:57:00PM -0500, Steve Langasek wrote:
> You should of course make whatever changes are appropriate here for
> intrepid.

I've removed all the code in intrepid.

> > > Why does this take out the warning about a missing
> > > /etc/ldap/schema/core.schema?  Should it be replaced with a warning about
> > > core.ldif...?
> 
> > Are you refering to /etc/ldap/schema/core.ldif (which is used when
> > created a new configuration) or to
> > /etc/ldap/slapd.d/cn=config/cn=shema/core.ldif (which is used by slapd)
> > ?
> 
> /etc/ldap/schema/core.ldif, I believe.

/etc/ldap/schema/core.ldif is only required when creating a new
directory, which happens during the postinst. I assumed that the comment
was for administrators that would comment the include line in slapd.conf
(and thus slapd would fail to start). Deleting core.ldif would have an
impact when re-configuring a new slapd system (in which case slapadd
would fail).

> > > This particular change removes the need for noisy_slapadd to exist at all,
> > > but it also leaves behind tmp files on failure (as does the changed
> > > create_new_slapd_conf() function).  I think that in the case of
> > > create_new_directory where the ldif is small enough to fit on a screen, the
> > > original behavior might have been better, so we don't have to leave tmp
> > > files around for the user to inspect if they want to understand what
> > > happened.
> 
> > We could probably dump the ldif file in the message and delete the
> > temporary file while still using the capture_diagnostics function.
> 
> That sounds like a pretty good solution to me.  Do you plan to implement
> this?
>

I haven't implemented this suggestion in the intrepid upload.

> I think we've cleared up the confusion here on IRC, but just to reiterate,
> my point was only that we don't ever need two internal templates for the
> crypted passwords because we never have more than one crypted password at a
> time and the text of the debconf question is irrelevant because it's never
> shown to the user.

I've reworked the code to only use slapd/adminpw.

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cnconfig-migration_236.patch
Type: text/x-diff
Size: 180633 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080812/61715cf3/attachment.patch>

More information about the Pkg-openldap-devel mailing list