Package: slapd
Version: 2.4.23-4
Severity: normal
Tags: patch
If slapd is told not to create an initial configuration, the init script
fails and kills apt-get in its death throes.
aginor:~# debconf-set-selections
slapd slapd/internal/adminpw password insecure
slapd slapd/internal/generated_adminpw password insecure
slapd slapd/password2 password insecure
slapd slapd/password1 password insecure
slapd slapd/no_configuration boolean true
aginor:~# apt-get install slapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Recommended packages:
libsasl2-modules
The following NEW packages will be installed
slapd
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 0B/1,584kB of archives.
After this operation, 4,006kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package slapd.
(Reading database ... 23942 files and directories currently installed.)
Unpacking slapd (from .../slapd_2.4.23-4_amd64.deb) ...
Processing triggers for man-db ...
Setting up slapd (2.4.23-4) ...
Omitting slapd configuration as requested.
No configuration file was found for slapd at /etc/ldap/slapd.d. ... (warning).
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing slapd (--configure):
subprocess installed post-installation script returned error exit status 1
configured to not write apport reports
Errors were encountered while processing:
slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)
aginor:~#
Attempting to immediately remove the package also fails hard.
aginor:~# dpkg --purge slapd
(Reading database ... 24183 files and directories currently installed.)
Removing slapd ...
No configuration file was found for slapd at /etc/ldap/slapd.d. ... (warning).
invoke-rc.d: initscript slapd, action "stop" failed.
dpkg: error processing slapd (--purge):
subprocess installed pre-removal script returned error exit status 1
Backing up /etc/ldap/slapd.d in /var/backups/slapd-... done.
grep: /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory
No configuration file was found for slapd at /etc/ldap/slapd.d. ... (warning).
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
slapd
aginor:~#
The included patch solves this by:
1) Creating /etc/ldap/noslapd as part of the postinst which the administrator
can remove when slapd is configured.
2) Shuffling the init script to deal with the sentinel file more
gracefully. This is done by having functions defined in multiple places,
which I am not keen on but it Does The Job.
diff -ur openldap-2.4.23/debian/slapd.init openldap-2.4.23-changed/debian/slapd.init
--- openldap-2.4.23/debian/slapd.init 2010-09-08 17:38:43.000000000 +0100
+++ openldap-2.4.23-changed/debian/slapd.init 2010-09-08 16:11:14.000000000 +0100
@@ -38,10 +38,39 @@
SLAPD_CONF="/etc/ldap/slapd.conf"
fi
+# Check whether we were configured to not start the services.
+check_for_no_start() {
+ # Paradoxically, return 0 (success) when not configured to
+ # start (that is - no_start is true, which in sh-speak is 0)
+ if [ -n "$SLAPD_NO_START" ]; then
+ no_start="SLAPD_NO_START set in /etc/default/slapd"
+ return 0
+ elif [ -n "$SLAPD_SENTINEL_FILE" -a -e "$SLAPD_SENTINEL_FILE" ]; then
+ no_start="$SLAPD_SENTINEL_FILE exists"
+ return 0
+ else
+ return 1
+ fi
+}
+
+# ... and say so
+report_no_start() {
+ if check_for_no_start; then
+ echo "Not starting slapd: $no_start" >&2
+ exit 0
+ fi
+}
+
# Stop processing if the config file is not there
if [ ! -r "$SLAPD_CONF" ]; then
- log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF."
- exit 1
+ log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF."
+ # If slapd is restricted from starting, its lack of
+ # configuration is not an error
+ if check_for_no_start; then
+ exit 0
+ else
+ exit 1
+ fi
fi
# Find out the name of slapd's pid file
@@ -84,18 +113,6 @@
SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS"
fi
-# Check whether we were configured to not start the services.
-check_for_no_start() {
- if [ -n "$SLAPD_NO_START" ]; then
- echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd' >&2
- exit 0
- fi
- if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
- echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists" >&2
- exit 0
- fi
-}
-
# Tell the user that something went wrong and give some hints for
# resolving the problem.
report_failure() {
@@ -165,12 +182,12 @@
case "$1" in
start)
- check_for_no_start
+ report_no_start
start_ldap ;;
stop)
stop_ldap ;;
restart|force-reload)
- check_for_no_start
+ report_no_start
stop_ldap
start_ldap
;;
diff -ur openldap-2.4.23/debian/slapd.postinst openldap-2.4.23-changed/debian/slapd.postinst
--- openldap-2.4.23/debian/slapd.postinst 2010-09-08 17:38:43.000000000 +0100
+++ openldap-2.4.23-changed/debian/slapd.postinst 2010-09-08 16:12:18.000000000 +0100
@@ -14,6 +14,8 @@
if manual_configuration_wanted; then
echo " Omitting slapd configuration as requested." >&2
+ echo " Touching /etc/ldap/noslapd so slapd will not attempt to start." >&2
+ touch /etc/ldap/noslapd
else
crypt_admin_pass
create_new_configuration
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.34 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages slapd depends on:
ii adduser 3.112 add and remove users and groups
ii coreutils 8.5-1 GNU core utilities
ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libldap-2.4-2 2.4.23-4 OpenLDAP libraries
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libperl5.10 5.10.1-14 shared Perl library
ii libsasl2-2 2.1.23.dfsg1-5 Cyrus SASL - authentication abstra
ii libslp1 1.2.1-7.8 OpenSLP libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
ii perl [libmime-base64-perl 5.10.1-14 Larry Wall's Practical Extraction
ii psmisc 22.11-1 utilities that use the proc file s
ii unixodbc 2.2.14p2-1 ODBC tools libraries
Versions of packages slapd recommends:
pn libsasl2-modules <none> (no description available)
Versions of packages slapd suggests:
ii ldap-utils 2.4.23-4 OpenLDAP utilities
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.34 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages slapd depends on:
ii adduser 3.112 add and remove users and groups
ii coreutils 8.5-1 GNU core utilities
ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [
ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr
ii libldap-2.4-2 2.4.23-4monnsta1 OpenLDAP libraries
ii libltdl7 2.2.6b-2 A system independent dlopen wrappe
ii libperl5.10 5.10.1-14 shared Perl library
ii libsasl2-2 2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii libslp1 1.2.1-7.8 OpenSLP libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
ii perl [libmime-base64-pe 5.10.1-14 Larry Wall's Practical Extraction
ii psmisc 22.11-1 utilities that use the proc file s
ii unixodbc 2.2.14p2-1 ODBC tools libraries
Versions of packages slapd recommends:
pn libsasl2-modules <none> (no description available)
Versions of packages slapd suggests:
ii ldap-utils 2.4.23-4monnsta1 OpenLDAP utilities
--
I must take issue with the term "a mere child", for it has been my
invariable experience that the company of a mere child is infinitely
preferable to that of a mere adult.
-- Fran Lebowitz
