Package: slapd
Version: 2.2.23-1
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I upgraded my slapd installation a couple days ago to the latest version in
unstable, but the upgrade script failed. The upgrade script rewrote my
slapd.conf config file and changed the access specifications. Then i dumped my
database to /var/backup/slapd-VERSION. After that it tried to load the database
again, but it failed because the slapd.conf file got corrupted. It seems
that the upgrade-script creates lines like:
access to attrs=userPassword by dn.regex="cn=admin,dc=arriesoft,dc=nl" write
by anonymous auth by self write by * none # NT Password
That is everything on one line with to comment on the next line appended, which
slapcat doesn't seem to understand. After changing the layout back to the
original layout (see below), I did a dpkg --configure --pending, but this failed
because the maintainer script isn't idempotent and tried to dump the database
again to /var/backup/slapd-VERSION, but couldn't do that because there was
already a database present there from the first try to upgrade slapd.
access to attrs=userPassword
by dn.regex="cn=admin,dc=arriesoft,dc=nl" write
by anonymous auth
by self write
by * none
# NT Password
So it seems the upgrade script is severly broken, which can result in big
problems
(I have my user accounts in ldap, and couldn't login in anymore. Luckely i
could
login as root locally, but if i had not had physical access to the machine i
would
have been out of luck).
Greetings Arjan Oosting.
p.s. It seems that slapd is now linked with openssl in stead of gnutls? Are the
GPL problems with linking to openssl solved? Linking with openssl broke my samba
installation (samba linked with gnutls, user accounts in ldap) though :( , but
I will investigate that further and send another bugreport.
- -- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-1-moonshine
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages slapd depends on:
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii debconf 1.4.47 Debian configuration management sy
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libiodbc2 3.52.2-3 iODBC Driver Manager
ii libldap-2.2-7 2.2.23-1 OpenLDAP libraries
ii libltdl3 1.5.6-6 A system independent dlopen wrappe
ii libperl5.8 5.8.4-8 Shared Perl library
ii libsasl2 2.1.19-1.5 Authentication abstraction library
ii libslp1 1.0.11a-2 OpenSLP libraries
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii perl [libmime-base64-perl] 5.8.4-8 Larry Wall's Practical Extraction
ii psmisc 21.6-1 Utilities that use the proc filesy
- -- debconf information:
slapd/fix_directory: true
shared/organization:
slapd/upgrade_slapcat_failure:
slapd/backend: BDB
* slapd/allow_ldap_v2: false
* slapd/no_configuration: true
slapd/move_old_database: true
slapd/suffix_change: false
slapd/slave_databases_require_updateref:
* slapd/dump_database_destdir: /var/backups/slapd-VERSION
slapd/autoconf_modules: true
slapd/domain:
slapd/password_mismatch:
slapd/invalid_config: true
slapd/upgrade_slapadd_failure:
* slapd/dump_database: when needed
slapd/purge_database: false
slapd/admin:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCUq5KUALvsZYuOJARAqc5AJ4o8C2n/q0+eL4UrP4+L9tf+osG2ACdGB7S
kEke/u4DJGaJo6bA0ItCNG0=
=11xf
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
