[Pkg-openldap-devel] Bug#595464: slapd: migration to new setup fails

Steve Langasek vorlon at debian.org
Wed Sep 8 19:40:06 UTC 2010 

On Wed, Sep 08, 2010 at 09:31:47AM +0200, Vincent Danjean wrote:
> Are you sure ? For now, in some situation, there is no way to upgrade the
> package without manually editing debconf files...

Yes, I'm sure, because it's not true that this is the only way to upgrade.

> > This has nothing to do with non-standard configurations, and everything to
> > do with the fact that you had set slapd/move_old_database to 'false' in
> > debconf.  Why did you do this?  This is a low-priority debconf question that
> > defaults to 'true'.

> I installed the virtual machine a few weeks ago. I do not remember changing
> debconf priority nor answering to this question (I discovered it when looking
> at the postinst when the upgrade fails).

Hmm, that's strange.  Your bug report also didn't include the debconf
settings for this system; can you please provide a copy of the full entry
for move_old_database in /var/cache/debconf/config.dat?

> > It is possible to handle this migration by hand if you choose (not a good
> > idea IMHO, but possible).  You just need to leave the directory in place, so
> > slapadd has somewhere to write since it won't create the path for you.

> I do not understand what you say here. I tried to move away my subdirectory
> (/var/lib/ldap/danjean) as the error message says. Then I got another error
> message (see my bug report).

I'm saying that you need to move the *contents* of the directory, and leave
the *directory* in place.  The error message does say this:  it tells you
that the problem is "leftover files in <directory>" and to "move away stuff
in there" (hmm, not a well-worded message, but it's accurate).

The following error after you had moved the directory also points to this:

  Loading the database from the LDIF dump failed with the following
  error while running slapadd:
      /etc/ldap/slapd.conf: line 83: invalid path: No such file or directory
      slapadd: bad configuration file!

Where line 83, I trust, is the "directory /var/lib/ldap/danjean" line.  So
"no such file or directory" indicates that the parent directory is supposed
to exist before calling slapadd.

Any user who ends down this code path is expected to know enough about slapd
maintenance to figure this out without further handholding.

The fact that you ended up down this code path *without* explicitly opting
for it is a problem.  The debconf data will help us determine if we have a
bug that caused this problem for you.

> > Marking the package as "installed" when the maintainer scripts have failed
> > to upgrade the directory to a DB version that will actually run with the
> > current slapd would be an error.

> But, but leaving no way to handle the upgrade when the configuration is
> non standard (ie having two or more databases in /var/lib/ldap) is also,
> IMHO, an error.

But that is not the case at all!  Two or more databases under subdirectories
of /var/lib/ldap will be handled perfectly fine.  Two or more databases *in*
/var/lib/ldap will fail for reasons entirely unrelated to the maintainer
scripts, because you will have conflicting filenames.

So:
  - having multiple directories configured is not non-standard
  - the maintainer scripts are written to handle multiple directories just
    fine
  - the only reason this fails for you is because the initial conditions for
    slapadd are not satisfied, which has nothing to do with the number of
    configured directories

> For example, when db-config found an error (no database, ...), it asks again
> the questions but with a higher priority. It could be a solution here.

That would almost certainly result in an infinite loop in the case that the
user does want to manage the directory manually.  As long as this upgrade
problem remains a one-off error (no one else has reported this debconf
behavior), I don't think that's a justified change.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20100908/49ec9f35/attachment-0001.pgp>

More information about the Pkg-openldap-devel mailing list