Package: slapd
Version: 2.4.23-4
Severity: normal
Tags: patch sid
Hi,
another day, another system, another bug ;-(
Upgrading slapd to 2.4.23-4 fails on subordinate databases
Error message
-------------
(Reading database ... 246653 files and directories currently installed.)
Preparing to replace slapd 2.4.23-4 (using slapd_2.4.23-4_i386.deb) ...
Stopping OpenLDAP: slapd
[ OK ]
Unpacking replacement slapd ...
Setting up slapd (2.4.23-4) ...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.23-3... done.
Moving old database directories to /var/backups:
- directory o=EDV... done.
- directory o=ADPM,c=DE... done.
- directory c=DE... done.
Loading from /var/backups/slapd-2.4.23-3:
- directory o=EDV... done.
- chowning database directory (openldap:openldap)... done
- directory o=ADPM,c=DE... done.
- chowning database directory (openldap:openldap)... done
- directory c=DE... failed.
Loading the database from the LDIF dump failed with the following
error while running slapadd:
=> hdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair
already exists (-30995)
slapadd: could not add entry dn="o=adpm,c=de" (line=28006): id2entry_add
failed: DB_KEYEXIST: Key/data pair already exists (-30995)
Segmentation fault
dpkg: error processing slapd (--install):
subprocess installed post-installation script returned error exit status 1
Processing triggers for man-db ...
Errors were encountered while processing:
slapd
The important thing to know is that the databas o=ADPM,c=DE is a subordinate
of the database c=DE.
I.e. searches starting with a base c=DE also return results from o=ADPM,c=DE.
This is also true for slapcat, so that the backup of c=DE contains also the
entries from o=ADPM,c=DE.
When trying to restore the 2nd of these databases this is bound to fail
with the error message above.
Fortunately slapcat & slapadd offer the "-g" switch to disable subordinate
glueing. As this option does not have negative effects on non-glued databases,
it can IMHO be safely set as default.
The attached patch does exactly this.
Best regards
Peter
-- System Information:
[removed, because I write this on a different machine] ...
#! /bin/sh /usr/share/dpatch/dpatch-run
## openldap-2.4.23-deb_no_subordinate_glueing.patch
## DP: do not glue subordinates on slapcat/slapadd
# From: Peter Marschall <pe...@adpm.de>
# Subject: do not glue subordinates on slapcat/slapadd
# Description: do not glue subordinates on slapcat/slapadd
# Upgrading slapd may fail when there are subordinate databases
# because slapcat/slapadd do not take that into account.
# This patch hopefully fixes the issue
--- openldap-2.4.23/debian/slapd.scripts-common 2010-08-29 11:14:01.000000000 +0200
+++ openldap-2.4.23/debian/slapd.scripts-common 2010-08-29 11:15:36.000000000 +0200
@@ -162,9 +162,9 @@
echo -n " - directory $suffix... " >&2
# Need to support slapd.d migration from preinst
if [ -f "${SLAPD_CONF}" ]; then
- slapcat_opts="-f ${SLAPD_CONF}"
+ slapcat_opts="-g -f ${SLAPD_CONF}"
else
- slapcat_opts="-F ${SLAPD_CONF}"
+ slapcat_opts="-g -F ${SLAPD_CONF}"
fi
slapcat ${slapcat_opts} -b "$suffix" > "$file" || failed=1
if [ "$failed" ]; then
@@ -206,9 +206,9 @@
fi
if [ -f "${SLAPD_CONF}" ]; then
- slapadd_opts="-f ${SLAPD_CONF}"
+ slapadd_opts="-g -f ${SLAPD_CONF}"
else
- slapadd_opts="-F ${SLAPD_CONF}"
+ slapadd_opts="-g -F ${SLAPD_CONF}"
fi
capture_diagnostics slapadd ${slapadd_opts} \
-q -b "$suffix" -l "$file" || failed=1
