existing olcAccess line conflicts with new one added by jaunty -> karmic upgrade

Bug #526230 reported by Stephen Warren
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

I had a couple of systems with jaunty installed, running the openldap server, configured to use "cn=config" for configuration. On both systems, when I upgraded to karmic, something rewrote /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif (or perhaps it was olcDatabase={1}bdb.ldif) to add a new "olcAccess" line. However, the file already had an olcAccess line, and openldap doesn't allow duplicate lines without prefixing the value with {0}, {1}, {2}, ... The newly added value isn't prefixed in such a way, and hence is a syntax error, and hence slapd won't start after the upgrade.

I'll attach a backup of /etc/ldap from one of the systems from when it was still running jaunty. Presumably, dumping this in /etc/ldap and testing a backup will yield the same problem.

Related branches

Revision history for this message
Stephen Warren (srwarren) wrote :
Mathias Gug (mathiaz)
Changed in openldap (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
summary: - jaunty -> karmic upgrade modifies cn=config DB definition, creates
- syntax error, slapd won't start
+ On upgrade modifies multiple olcAccess definition are not handled
+ correclty
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: On upgrade modifies multiple olcAccess definition are not handled correclty

This bug was fixed in the package openldap - 2.4.21-0ubuntu3

---------------
openldap (2.4.21-0ubuntu3) lucid; urgency=low

  * debian/slapd.postinst, debian/slapd.scripts-common: Upgrade databases
    before trying to convert to slapd.d, to avoid upgrade failure from hardy
    (LP: #536958)
  * debian/slapd.postinst: Add a {1} numeric index to olcAccess entry in
    olcDatabase={0}config.ldif to avoid upgrade failures (LP: #538516, #526230)
 -- Thierry Carrez <email address hidden> Mon, 29 Mar 2010 13:31:47 +0200

Changed in openldap (Ubuntu):
status: Triaged → Fix Released
summary: - On upgrade modifies multiple olcAccess definition are not handled
- correclty
+ existing olcAccess line conflicts with new one added by jaunty ->
+ karmic upgrade
Revision history for this message
Nathan Stratton Treadway (nathanst) wrote :

(A few days ago) I unpacked the /etc/ldap tar archive attached to this bug, and found that the slapd.d/cn=config/olcDatabase={0}config.ldif file inside it does contain just one olcAccess line, so I went ahead and updated the title of this bug to more precisely describe the situation.

Revision history for this message
Nathan Stratton Treadway (nathanst) wrote :

For what it's worth, I'm attaching here the (plain text) olcDatabase={0}config.ldif file, as pulled out of the tar file ldap.tar.gz file that Stephen attached to this bug.

In particular, the olcAccess line found there is indeed the same as the one that is created by the cn=config backend conversion during a Hardy -> Lucid upgrade (bug #538516).

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.