[Pkg-openldap-devel] new debconf template for openldap
Ryan Tandy
ryan at nardis.ca
Sat Jan 7 20:43:56 UTC 2017
Dear debian-l10n-english,
I would like to ask for your review of a new debconf template for slapd.
Some background information: If slapd's configuration is not replicated
to or from any other server, and has no overlays (plugins) applied to
it, we can upgrade the schema automatically. However, if those
conditions are not met (replicating the config database is uncommon but
definitely supported), then it is not safe to perform the change
offline: it has to be done by the admin *before* removing or replacing
the old binaries.
What we do here is generate an LDIF file containing the necessary
changeset, and show the admin how to apply it.
"Replication with other servers may be affected" is intentionally vague:
depending on the specific configuration, this specific change might not
be replicated, replication in general might get stuck and never sync
again, or everything might just work.
Lintian complains about this template being too long, so I'd welcome
suggestions for how to reduce it, as well as any other feedback.
Template: slapd/ppolicy_schema_needs_update
Type: select
__Choices: abort installation, continue regardless
DefaultChoice: abort installation
#flag:comment:2
# "ppolicy", "pwdMaxRecordedFailure", and "cn=config" are not translatable.
#flag:translate!:5,7
_Description: Manual ppolicy schema update recommended
In the version of slapd about to be installed, the ppolicy overlay
requires the new pwdMaxRecordedFailure attribute to be defined in the
ppolicy schema. The schema contained in the cn=config database does not
currently include this attribute.
.
You may choose to continue the installation. In this case, the
maintainer scripts will add the new attribute automatically during the
upgrade. However, the change will not be acted on by slapd overlays,
and replication with other servers may be affected.
.
The ppolicy schema can be updated by applying the changes found in the
following LDIF file:
.
${ldif}
.
If slapd is using the default access control rules, after starting
slapd, the changes can be applied using the following command:
.
ldapmodify -H ldapi:/// -Y EXTERNAL -f ${ldif}
.
It is recommended to abort the upgrade now and to update the ppolicy
schema before upgrading slapd. If replication is in use, the schema
update should be applied on every server before continuing with the
upgrade.
The full templates file can be found in the git repository:
https://anonscm.debian.org/git/pkg-openldap/openldap.git/tree/debian/slapd.templates
Thank you,
Ryan
More information about the Pkg-openldap-devel
mailing list