[Pkg-openldap-devel] Bug#491148: upgrade fails, /etc/default/slapd is the solution
Louis van Belle
louis at van-belle.nl
Thu Jul 17 07:57:32 UTC 2008
Package: slapd
Version: 2.4.10-2
Severity: important
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (650, 'testing'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages slapd depends on:
ii adduser 3.108 add and remove users and groups
ii coreutils 6.10-6 The GNU core utilities
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libdb4.2 4.2.52+dfsg-4 Berkeley v4.2 Database Libraries [
ii libgnutls26 2.4.1-1 the GNU TLS library - runtime libr
ii libldap-2.4-2 2.4.10-2 OpenLDAP libraries
ii libltdl3 1.5.26-4 A system independent dlopen wrappe
ii libperl5.10 5.10.0-11 Shared Perl library
ii libsasl2-2 2.1.22.dfsg1-21 Cyrus SASL - authentication abstra
ii libslp1 1.2.1-7.3 OpenSLP libraries
ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra
ii perl [libmime-base64-per 5.10.0-11 Larry Wall's Practical Extraction
ii psmisc 22.6-1 Utilities that use the proc filesy
ii unixodbc 2.2.11-16 ODBC tools libraries
Versions of packages slapd recommends:
ii libsasl2-modules 2.1.22.dfsg1-21 Cyrus SASL - pluggable authenticat
-- debconf information:
slapd/internal/adminpw: (password omitted)
* slapd/password1: (password omitted)
* slapd/password2: (password omitted)
slapd/password_mismatch:
slapd/tlsciphersuite:
slapd/invalid_config: true
shared/organization: test.domain.com
slapd/upgrade_slapcat_failure:
slapd/slurpd_obsolete:
slapd/backend: HDB
slapd/dump_database: when needed
slapd/allow_ldap_v2: false
slapd/no_configuration: false
slapd/migrate_ldbm_to_bdb: false
slapd/move_old_database: true
slapd/suffix_change: false
slapd/dump_database_destdir: /var/backups/slapd-VERSION
slapd/purge_database: false
slapd/domain: test.domain.com
In replsync configuration upgrading slapd will fail.
there are problems locating pid id and/or locating slapd.conf
upgrade contineus after setting in /etc/default/slapd
user and group to openldap
pid to /var/run/slapd/slapd.pid
conf to /etc/ldap/slapd.conf
without these 4 setting upgrade wil always fail.
same problem in Etch and same fix is used.
this is the config used in slapd.conf
#######################################################################
# Global Directives:
# Features to permit
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/zarafa.schema
schemacheck on
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload syncprov
moduleload accesslog
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
#The <hash> to use for userPassword generation. One
#of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT},
#KERBEROS}, {SASL}, and {UNIX}. The default is {SSHA}.
password-hash {MD5}
# timeout (in seconds) for dead connections
#timeout 60
loglevel 0
#loglevel 256
#loglevel 65535
#Server and CA Certificates
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ldap/ssl/certs/ca.pem
TLSCertificateKeyFile /etc/ldap/ssl/ldap.key
TLSCertificateFile /etc/ldap/ssl/ldap.pem
TLSVerifyClient allow
# Each client that will access the OpenLDAP server using ldaps://
# needs to have a copy of cacert.pem. The ldap.conf file must
# point to the certificate:
#TLS_CACERT /etc/ldap/ssl/certs/ca.pem
# The maximum number of entries that is returned for a search operation
#default: sizelimit 500
sizelimit -1
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
suffix "dc=test,dc=domain,dc=com"
rootdn "cn=admin,dc=test,dc=domain,dc=com"
rootpw {SSHA}REMOVED
directory "/var/lib/ldap"
checkpoint 512 60
lastmod on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
access REMOVED
## for indexing replsync items
index entryCSN eq
index entryUUID eq
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
More information about the Pkg-openldap-devel
mailing list