Control: found -1 2.4.31-1

Hi Thorsten, thanks for reporting this.

On Tue, Jun 13, 2017 at 03:13:50PM +0200, Thorsten Glaser wrote:
+ read suffix
+ get_suffix
+ '[' -f /etc/ldap/slapd.d ']'
+ cut -d: -f 2
+ grep -h olcSuffix '/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif' 
'/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif' 
'/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif'
++ get_directory 'o=Kundenname Mc3bcumlaut,c=de'
++ '[' -d /etc/ldap/slapd.d ']'
++ grep -q 'o=Kundenname Mc3bcumlaut,c=de'

Interesting difference between slapd versions. In wheezy, slapd serializes that as base64:

olcSuffix:: bz1LdW5kZW5uYW1lIE3DvHVtbGF1dCxjPWRl

while in jessie and stretch, it writes it out in the escaped form like you have there.

olcSuffix: o=Kundenname M\c3\bcumlaut,c=de

(But I'm curious: how did you wind up with the escaped form on wheezy? For me, slapd via ldapmodify and slapadd both write it in base64.)

Sadly the scripts do the wrong thing with the base64 form too. This also needs to be accounted for.

+ get_suffix
+ '[' -f /etc/ldap/slapd.d ']'
+ grep -h olcSuffix '/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif' 
'/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif' 
'/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif'
+ cut -d: -f 2
++ get_directory ''
++ '[' -d /etc/ldap/slapd.d ']'
++ grep -q ''

It may work as a workaround, though, to let you complete your updates on wheezy:

ldapmodify -H ldapi:// -Y EXTERNAL << eof
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: o=Kundenname M\c3\bcumlaut,c=de

eof

That should change the olcSuffix in the .ldif to base64. It makes update_permissions a no-op, but at least it doesn't fail. Obviously that isn't a fix, only a nasty hack to hopefully unblock you sooner than I can upload a working solution.

And there are other easy ways to break the scripts' assumptions, too... "olcSuffix: o=nar/dis,c=CA" for example breaks the backup/restore machinery.
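An LDIF-aware way to read the two olcSuffix serializations shown above so that both yield the same DN, in place of `grep | cut`. This is an added example in Python, not code from the slapd maintainer scripts; the function names and the sample entries (including the directory path) are constructed for illustration.

```python
import base64
import re

# Constructed samples: the same database entry in the two serializations
# quoted in the thread (base64 on wheezy, hex-escaped on jessie/stretch).
WHEEZY = """dn: olcDatabase={1}hdb,cn=config
olcSuffix:: bz1LdW5kZW5uYW1lIE3DvHVtbGF1dCxjPWRl
olcDbDirectory: /var/lib/ldap
"""
JESSIE = """dn: olcDatabase={1}hdb,cn=config
olcSuffix: o=Kundenname M\\c3\\bcumlaut,c=de
olcDbDirectory: /var/lib/ldap
"""

# An escaped backslash is matched first so "\\c3" is not read as a hex pair.
_ESC = re.compile(rb"\\\\|\\([0-9a-fA-F]{2})")

def _unescape_non_ascii(value: bytes) -> bytes:
    """Turn \\XX pairs >= 0x80 into raw bytes; keep escapes such as \\2c."""
    def repl(m):
        if m.group(1) and int(m.group(1), 16) >= 0x80:
            return bytes([int(m.group(1), 16)])
        return m.group(0)
    return _ESC.sub(repl, value)

def attr_values(ldif: str, name: str) -> list:
    """Return every value of attribute `name`, decoded to one canonical str."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folded line: continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        key, sep, rest = line.partition(":")
        if not sep or key.lower() != name.lower():
            continue
        if rest.startswith(":"):            # "name:: <base64>"
            data = base64.b64decode(rest[1:].strip())
        else:                               # "name: <value>"
            data = rest.lstrip(" ").encode("utf-8")
        values.append(_unescape_non_ascii(data).decode("utf-8"))
    return values

def suffix_to_directory(ldif: str) -> dict:
    """Map each suffix to the olcDbDirectory found in the same entry."""
    dirs = attr_values(ldif, "olcDbDirectory")
    return {s: dirs[0] for s in attr_values(ldif, "olcSuffix") if dirs}
```

Reading the directory from the same entry as the suffix avoids searching the files for the suffix string, which is the step that received a mangled or empty pattern in the traces above.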
