[Pkg-openldap-devel] Bug#864719: Bug#864719: Bug#864719: slapd: fails to configure when olcSuffix contains a backslash-escaped umlaut

Wed Jun 14 10:59:04 UTC 2017

On Tue, 13 Jun 2017, Ryan Tandy wrote:

>> Hi Thorsten, thanks for reporting this.

You’re welcome.

>> (But I'm curious: how did you wind up with the escaped form on wheezy?  For
>> me, slapd via ldapmodify and slapadd both write it in base64.)

I’ve first set up the test server, then, in order to reproduce another
bug mich later, we got an actual LDIF from the customer, so I had to
change the base DN and import a partial tree of theirs. I used the DN
as it was written in their LDIF.

This is also the reason the base DN doesn’t match the domain debconf.

> For the backslashes case, the attached ought to do. Would you be willing to
> test it? It should apply to /var/lib/dpkg/info/slapd.postinst.

The patch works as-is, however, as a shell author and informed about
writing portable shell scripts, I’m a tad concerned about the use of
the accent gravis form of command substitution, especially as it can
*not* be quoted both inside and outside (which is not the case here,
but someone might decide to do that in the future).

Therefore I’m urging you to change the last addition to…
+		grep "olcDbDirectory:" $(grep -Fl "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif) | cut -d: -f 2 | sed 's/^  *//g'
… or possibly, quoting, just to be safe:
+		grep "olcDbDirectory:" "$(grep -Fl "olcSuffix: $1" "${SLAPD_CONF}/cn\=config/olcDatabase*.ldif")" | cut -d: -f 2 | sed 's/^  *//g'

(Side note, I cringe every time I see such grep|cut|sed thingies,
this can almost certainly be done with just sed¹.)

> Still thinking about the base64 case. Since we use the suffix to name files
> and directories for backup and restore, I guess it's most robust to just use
> the base64 directly - even if it's not quite as nice for showing to users.

Remember that that can span multiple lines (although this is also true
for the non-base64 base). I usually just read LDIF line by line in my
shell scripts concatenating as needed, but for quick, I’ve found this
useful:

cat² x.ldif | tr '\n' '\001' | sed $'s/\001 //g' | tr '\001' '\n' >y

Note that $'…' needs a shell supporting this ksh93ism / recent addition
to POSIX (i.e. ksh93, GNU bash, mksh, zsh, but not dash). For this
purpose it’s commonly accepted to change the shebang of the maintainer
script to #!/bin/bash (which is still Essential currently). Another
option would be to embed the control character directly into the script.
(Actually, perhaps GNU sed can handle 's/\001 //g' just fine? I’m more
used to BSD sed which honours the standard more.)

bye,
//mirabilos

① I’m thinking of something along the lines of:

  sed --posix -n '/^olcDbDirectory: *\([^ ].*\)$/s//\1/p' "$(grep -Fl "olcSuffix: $1" "${SLAPD_CONF}/cn\=config/olcDatabase*.ldif")"

  I think this fully replaces that line of yours.

② Not a useless use of cat but an example.

-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg