[Pkg-openldap-devel] Bug#864719: Bug#864719: Bug#864719: Bug#864719: slapd: fails to configure when olcSuffix contains a backslash-escaped umlaut

Wed Jun 14 18:50:02 UTC 2017

Hi guys,

please allow me to add some thoughts to this bug report:

1. Is there any way to re-use the way dn's are mapped to paths by the
cn=config backend for this purpose?

2017-06-14 12:59 GMT+02:00 Thorsten Glaser <t.glaser at tarent.de>:
> On Tue, 13 Jun 2017, Ryan Tandy wrote:
>
>>> Hi Thorsten, thanks for reporting this.
>
> You’re welcome.
>
>>> (But I'm curious: how did you wind up with the escaped form on wheezy?  For
>>> me, slapd via ldapmodify and slapadd both write it in base64.)
>
> I’ve first set up the test server, then, in order to reproduce another
> bug mich later, we got an actual LDIF from the customer, so I had to
> change the base DN and import a partial tree of theirs. I used the DN
> as it was written in their LDIF.
>
> This is also the reason the base DN doesn’t match the domain debconf.
>
>> For the backslashes case, the attached ought to do. Would you be willing to
>> test it? It should apply to /var/lib/dpkg/info/slapd.postinst.
>
> The patch works as-is, however, as a shell author and informed about
> writing portable shell scripts, I’m a tad concerned about the use of
> the accent gravis form of command substitution, especially as it can
> *not* be quoted both inside and outside (which is not the case here,
> but someone might decide to do that in the future).
>
> Therefore I’m urging you to change the last addition to…
> +               grep "olcDbDirectory:" $(grep -Fl "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif) | cut -d: -f 2 | sed 's/^  *//g'
> … or possibly, quoting, just to be safe:
> +               grep "olcDbDirectory:" "$(grep -Fl "olcSuffix: $1" "${SLAPD_CONF}/cn\=config/olcDatabase*.ldif")" | cut -d: -f 2 | sed 's/^  *//g'
>
> (Side note, I cringe every time I see such grep|cut|sed thingies,
> this can almost certainly be done with just sed¹.)
>
>> Still thinking about the base64 case. Since we use the suffix to name files
>> and directories for backup and restore, I guess it's most robust to just use
>> the base64 directly - even if it's not quite as nice for showing to users.
>
> Remember that that can span multiple lines (although this is also true
> for the non-base64 base). I usually just read LDIF line by line in my
> shell scripts concatenating as needed, but for quick, I’ve found this
> useful:
>
> cat² x.ldif | tr '\n' '\001' | sed $'s/\001 //g' | tr '\001' '\n' >y
>
> Note that $'…' needs a shell supporting this ksh93ism / recent addition
> to POSIX (i.e. ksh93, GNU bash, mksh, zsh, but not dash). For this
> purpose it’s commonly accepted to change the shebang of the maintainer
> script to #!/bin/bash (which is still Essential currently). Another
> option would be to embed the control character directly into the script.
> (Actually, perhaps GNU sed can handle 's/\001 //g' just fine? I’m more
> used to BSD sed which honours the standard more.)
>
> bye,
> //mirabilos
>
> ① I’m thinking of something along the lines of:
>
>   sed --posix -n '/^olcDbDirectory: *\([^ ].*\)$/s//\1/p' "$(grep -Fl "olcSuffix: $1" "${SLAPD_CONF}/cn\=config/olcDatabase*.ldif")"
>
>   I think this fully replaces that line of yours.
>
> ② Not a useless use of cat but an example.
>
> --
> tarent solutions GmbH
> Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
> Tel: +49 228 54881-393 • Fax: +49 228 54881-235
> HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
> Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
>
> _______________________________________________
> Pkg-openldap-devel mailing list
> Pkg-openldap-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-openldap-devel