It seems like the new slapd.postinst in 2.4.21-0ubuntu5 will cause a configuration error for upgrades from previous Lucid versions of the package.
Specifically, up through 2.4.21-0ubuntu4, the postinst script added the following line:
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
to the /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif file (when upgrading from a previous version older than 2.4.17-1ubuntu3).
The new version of the script will add the following line instead (and will do so when upgrading from any prior version of the package):
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
But since there is no attempt to remove the old non-indexed line while the indexed one is added, slapd will refuse to start with the resulting frontend.ldif file.
I can't easily run an actual test of this upgrade path myself, but bug 570657 and bug 570533 seem to be consistent with this scenario.
It seems like the new slapd.postinst in 2.4.21-0ubuntu5 will cause a configuration error for upgrades from previous Lucid versions of the package.
Specifically, up through 2.4.21-0ubuntu4, the postinst script added the following line: cn=localroot, cn=config manage by * break slapd.d/ cn=config/ olcDatabase= {-1}frontend. ldif file (when upgrading from a previous version older than 2.4.17-1ubuntu3).
olcAccess: to * by dn.exact=
to the /etc/ldap/
The new version of the script will add the following line instead (and will do so when upgrading from any prior version of the package): gidNumber= 0+uidNumber= 0,cn=peercred, cn=external, cn=auth manage by * break
olcAccess: {0}to * by dn.exact=
But since there is no attempt to remove the old non-indexed line while the indexed one is added, slapd will refuse to start with the resulting frontend.ldif file.
I can't easily run an actual test of this upgrade path myself, but bug 570657 and bug 570533 seem to be consistent with this scenario.