[Pkg-openldap-devel] Bug#665199: slapd: fails to install, remove, distupgrade, and install again

[Ryan Tandy]

On Sun, Apr 09, 2017 at 09:08:56AM -0700, Ryan Tandy wrote:
>Hi Ivo,
>
>Thanks for checking the patches.
>
>On Sun, Apr 09, 2017 at 12:14:37PM +0200, Ivo De Decker wrote:
>>What happens on remove if the slapcat fails? There are 2 options:
>>
>>- don't ignore errors
>>
>>This causes errors on removal when the ldap config is broken. There should be
>>a way to remove a broken installation.
>
>Good point. The slapcat for content databases is written to catch 
>errors and present them as a debconf error - I should use that for the 
>config dump as well.
>
>The easiest way to simply get rid of a broken install (and I should 
>document this somewhere) is just to rm -rf /etc/ldap/slapd.d before 
>remove, then nothing will be dumped or backed up.

After thinking through this some more:

- If the config is broken badly enough that slapcat doesn't work, the 
  user may well be trying to remove and then purge slapd in order to get 
  rid of the broken config and possibly install a fresh one.

- If we're at the beginning of an upgrade that will require the LDIF 
  files (whether for pre-flight checks or a migration), then the upgrade 
  is going to fail anyway if slapcat doesn't work.

- In any case, we never remove the actual config or data until purge, so 
  the risk of actual data loss is minimal. The worst case is that the 
  user later attempts an upgrade without having the LDIFs available, 
  which is what happens right now anyway.

For those reasons, I think it's better if 'prerm remove' ignores errors 
and does not prevent the package from being removed.

Thanks again for raising this point. I am tweaking the patches to change 
this and address a couple of other potential issues I noticed.