touch-packages team mailing list archive

Thread
Date

[Bug 1362481] Re: openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Ryan Tandy <1362481@xxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Aug 2014 19:06:10 -0000
Reply-to: Bug 1362481 <1362481@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Great. Thanks for that link, and also for the analysis and suggestions.
You're right: there is an implicit assumption that suffixes are unique,
and this setup is a valid one that breaks it.

With this change:

http://anonscm.debian.org/cgit/pkg-
openldap/openldap.git/commit/debian/slapd.scripts-
common?id=57b0cc5ae377b00219e73be87e0c3a151b5eda99

the dump part at least doesn't fail ("slapcat -b dc=example,dc=com" is
executed twice, operating on the disk-backed db both times), but I
wouldn't exactly call that correct.

Of course, running "slapadd -b dc=example,dc=com" twice is never going
to work. (Well, maybe if the database is totally empty.) (Additionally,
moving the old database out of the way doesn't work if we have {1}ldap
and {2}hdb instead of the reverse.)

I already wanted to redo the loops like you suggested; this is just
another reason to move forward on that. Probably it would be most robust
to use slap{cat,add} -nN instead of -b $suffix; at least that would have
the least chance for ambiguity.

** Changed in: openldap (Ubuntu)
       Status: New => In Progress

** Changed in: openldap (Ubuntu)
     Assignee: (unassigned) => Ryan Tandy (rtandy)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1362481

Title:
  openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not
  empty and missing backup of suffix

Status in “openldap” package in Ubuntu:
  In Progress

Bug description:
  Upgrading from Ubuntu 12.04.5 LTS to 14.04.1 LTS
  (slapd-2.4.28-1.1ubuntu4.4 to slapd-2.4.31-1+nmu2ubuntu8), it fails
  horribly on my setup with one disk-backend and one ldap-backend (sync
  to another server).

  First, dump_databases in
  /var/lib/dpkg/info/slapd.{config,preinst,postinst} fails due to
  get_directory returning "olcDbDirectory" instead of /var/lib/ldap.
  This is caused by a missing -h to grep, causing another : in the
  returned line, thus causing the '| cut -d: -f 2' to get the wrong part
  of the line.  This causes both the backup of the suffix to fail, and
  later the chown after restore to fail.

      grep "olcDbDirectory:" `grep -l "olcSuffix: ...

  should have been

      grep -h "olcDbDirectory:" `grep -l "olcSuffix:  ...

  later, get_suffix causes the same suffix to be reported twice, thus
  causing database load to fail on the second round of the while since
  /var/lib/ldap is already loaded with the correct files, but is
  expected to be empty. I fixed it with a '| sort -u' in get_suffix, but
  i guess it would be better to maybe redo load_databases' while loop to
  get both suffix and dbdir (since you can have the same suffix stored
  in more than one location, as I have, and thus first getting the
  suffix and then doing a grep for the olcDbDirectory in get_directory
  will cause the same storage to be reported for both instances of the
  suffix)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1362481/+subscriptions

References

[Bug 1362481] [NEW] openldap upgrade fails. chwon of olcDbDirectory, /var/lib/ldap not empty and missing backup of suffix
From: Peder Stray, 2014-08-28