Debian Bug report logs - #370337
Please remove bogus change of etc/default/slapd

Package: src:openldap; Maintainer for src:openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>;

Reported by: Luk Claes <luk@debian.org>

Date: Sun, 4 Jun 2006 17:48:05 UTC

Severity: wishlist

Tags: moreinfo

Merged with 370343

Blocking fix for 311188: debian-edu-config: Messes "programmatically" with conffiles of other packages

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#370337; Package openldap2.3. Full text and rfc822 format available.

Acknowledgement sent to Luk Claes <luk@debian.org>:
New Bug report received and forwarded. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Luk Claes <luk@debian.org>
To: submit@bugs.debian.org
Subject: Make /etc/default/slapd automatically configurable
Date: Sun, 04 Jun 2006 19:34:06 +0200
[Message part 1 (text/plain, inline)]
Package: openldap2.3
Severity: wishlist

Hi

Automatically configuring openldap2.3 is not policy compliant for the
moment as one might need to edit the conffile etc/default/slapd in the
process.

A solution might be to include some file if it exists in the
configuration... or adding some debconf questions...

Cheers

Luk

-- 
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D



[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#370337; Package openldap2.3. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 370337@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Luk Claes <luk@debian.org>, 370337@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#370337: Make /etc/default/slapd automatically configurable
Date: Sun, 4 Jun 2006 14:38:47 -0700
On Sun, Jun 04, 2006 at 07:34:06PM +0200, Luk Claes wrote:

> Automatically configuring openldap2.3 is not policy compliant for the
> moment as one might need to edit the conffile etc/default/slapd in the
> process.

Edit it for what reason?  If the current defaults are inappropriate in the
common case, shouldn't we be fixing those defaults?

I guess this might be related to the debian-edu bug, though... in which
case, it's worth mentioning that making a file a non-conffile does not make
it ok under policy for other packages to edit it freely...

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Blocking bugs added: 370319, 370324, 370332, 370337, 370338, 370339, 370340, 370342, 370343, 370344, 370346, 370347, 370348, 370349, 370350, and 370351 Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `openldap2.3' to `debian-edu-config'. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs removed: 370319, 370324, 370332, 370337, 370338, 370339, 370340, 370342, 370343, 370344, 370346, 370347, 370348, 370349, 370350, 370351, and 370393 Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs added: 370319, 370324, 370332, 370337, 370338, 370339, 370340, 370342, 370343, 370344, 370346, 370347, 370348, 370349, 370350, 370351, and 370393 Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `debian-edu-config' to `openldap2.3'. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Sat, 05 Apr 2008 18:30:11 GMT) Full text and rfc822 format available.

Merged 370337 370343. Request was from Holger Levsen <holger@layer-acht.org> to control@bugs.debian.org. (Sat, 05 Apr 2008 23:06:20 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#370337; Package openldap2.3. Full text and rfc822 format available.

Acknowledgement sent to Pascal Carrié <pascal@iepala.es>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #29 received at 370337@bugs.debian.org (full text, mbox):

From: Pascal Carrié <pascal@iepala.es>
To: Debian Bug Tracking System <370337@bugs.debian.org>
Subject: /etc/default/slap hang when given options to slapd
Date: Mon, 05 May 2008 11:57:01 +0200
Package: slapd
Followup-For: Bug #370337

hi,
if you give an option in /etc/default/slapd (like SLAPD_OPTIONS="-d 16383") the start-stop-daemon do not release the console (do not go to the 
background), the slapd is up but without considering the given options.
I have try to start manualy the daemon :
 slapd -h 'ldap:/// ldaps:///' -g openldap -u openldap -f /etc/ldap/slapd.conf -d 16383
and it's work fine but 
if you try with :
start-stop-daemon --start --quiet --background --oknodo --pidfile /var/run/slapd/slapd.pid  --exec /usr/sbin/slapd --  -d 16383
it's hang just as when you lauch with the /etc/init.d/slapd script
anyway, thanks for your exelent job
pascal

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser                  3.107           add and remove users and groups
ii  coreutils                6.10-3          The GNU core utilities
ii  debconf [debconf-2.0]    1.5.21          Debian configuration management sy
ii  libc6                    2.7-10          GNU C Library: Shared libraries
ii  libdb4.2                 4.2.52+dfsg-4   Berkeley v4.2 Database Libraries [
ii  libgnutls26              2.2.2-1         the GNU TLS library - runtime libr
ii  libldap-2.4-2            2.4.7-6.2       OpenLDAP libraries
ii  libltdl3                 1.5.26-3        A system independent dlopen wrappe
ii  libperl5.8               5.8.8-12        Shared Perl library
ii  libsasl2-2               2.1.22.dfsg1-18 Cyrus SASL - authentication abstra
ii  libslp1                  1.2.1-7.2       OpenSLP libraries
ii  libwrap0                 7.6.q-15        Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-per 5.8.8-12        Larry Wall's Practical Extraction 
ii  psmisc                   22.6-1          Utilities that use the proc filesy
ii  unixodbc                 2.2.11-16       ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules         2.1.22.dfsg1-18 Cyrus SASL - pluggable authenticat

-- debconf information:
  slapd/password_mismatch:
  slapd/tlsciphersuite:
  slapd/invalid_config: true
* shared/organization: iepala.org
  slapd/upgrade_slapcat_failure:
  slapd/slurpd_obsolete:
* slapd/backend: HDB
  slapd/dump_database: when needed
* slapd/allow_ldap_v2: false
* slapd/no_configuration: false
  slapd/migrate_ldbm_to_bdb: true
  slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/dump_database_destdir: /var/backups/slapd-VERSION
* slapd/purge_database: true
* slapd/domain: iepala.org




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#370337; Package openldap2.3. Full text and rfc822 format available.

Acknowledgement sent to Quanah Gibson-Mount <quanah@zimbra.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #34 received at 370337@bugs.debian.org (full text, mbox):

From: Quanah Gibson-Mount <quanah@zimbra.com>
To: Pascal Carrié <pascal@iepala.es>, 370337@bugs.debian.org
Subject: Re: [Pkg-openldap-devel] Bug#370337: /etc/default/slap hang when given options to slapd
Date: Mon, 05 May 2008 07:01:40 -0700
--On Monday, May 05, 2008 11:57 AM +0200 Pascal Carrié <pascal@iepala.es> 
wrote:

> Package: slapd
> Followup-For: Bug #370337
>
> hi,
> if you give an option in /etc/default/slapd (like SLAPD_OPTIONS="-d
> 16383") the start-stop-daemon do not release the console (do not go to
> the  background), the slapd is up but without considering the given
> options. I have try to start manualy the daemon :
>  slapd -h 'ldap:/// ldaps:///' -g openldap -u openldap -f
> /etc/ldap/slapd.conf -d 16383 and it's work fine but
> if you try with :
> start-stop-daemon --start --quiet --background --oknodo --pidfile
> /var/run/slapd/slapd.pid  --exec /usr/sbin/slapd --  -d 16383 it's hang
> just as when you lauch with the /etc/init.d/slapd script anyway, thanks
> for your exelent job
> pascal

That's because if you use -d, slapd never detaches.  This is an expected 
behavior.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration




Bug reassigned from package `openldap2.3' to `openldap2.3,openldap'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Mon, 07 Jul 2008 18:45:11 GMT) Full text and rfc822 format available.

Bug reassigned from package `openldap2.3,openldap' to `openldap'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sat, 21 Mar 2009 15:45:07 GMT) Full text and rfc822 format available.

Bug reassigned from package `openldap' to `openldap'. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Sat, 21 Mar 2009 15:45:08 GMT) Full text and rfc822 format available.

Bug reassigned from package `openldap' to `openldap2.3,openldap'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sat, 21 Mar 2009 19:42:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>:
Bug#370337; Package openldap2.3,openldap. (Sat, 21 Mar 2009 21:27:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to Marco Rodrigues <gothicx@sapo.pt>:
Extra info received and forwarded to list. Copy sent to Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>. (Sat, 21 Mar 2009 21:27:48 GMT) Full text and rfc822 format available.

Message #47 received at 370337@bugs.debian.org (full text, mbox):

From: Marco Rodrigues <gothicx@sapo.pt>
To: 453392@bugs.debian.org, 370337@bugs.debian.org, 370343@bugs.debian.org, 452834@bugs.debian.org, 358829@bugs.debian.org, control@bugs.debian.org, openldap@packages.debian.org
Subject: Reassigning bugs from openldap2.3 to openldap
Date: Sat, 21 Mar 2009 15:41:42 GMT
reassign 453392 openldap
reassign 370337 openldap
reassign 370343 openldap
reassign 452834 openldap
reassign 358829 openldap
thanks

The openldap2.3 package has been removed from Debian. We are reassigning 
its bugs to the openldap package. Please have a look at them, 
and close them if they don't apply to openldap anymore.

Don't hesitate to reply to this mail if you have any question.

Kind regards,
--
Marco Rodrigues




Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#370337; Package openldap2.3,openldap. (Sun, 08 Aug 2010 15:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Matthijs Möhlmann <matthijs@cacholong.nl>:
Extra info received and forwarded to list. Copy sent to unknown-package@qa.debian.org. (Sun, 08 Aug 2010 15:09:03 GMT) Full text and rfc822 format available.

Message #52 received at 370337@bugs.debian.org (full text, mbox):

From: Matthijs Möhlmann <matthijs@cacholong.nl>
To: Luk Claes <luk@debian.org>, 370337@bugs.debian.org
Subject: Re: Make /etc/default/slapd automatically configurable
Date: Sun, 08 Aug 2010 17:04:35 +0200
[Message part 1 (text/plain, inline)]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This bug is open for a long time now, what reasonable defaults are
needed for debian-edu ?

I've attached the default file currently shipped with OpenLDAP.

Regards,

Matthijs Mohlmann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxex4MACgkQ2n1ROIkXqbCchgCcCDvyZAJyIWXYAHvZGwAhRvlg
s0QAoKe7HpxTDEXTD2n3AvW0j/y2DlNA
=OA1K
-----END PGP SIGNATURE-----
[slapd.default (text/plain, attachment)]
[slapd.default.sig (application/octet-stream, attachment)]

Added tag(s) moreinfo. Request was from Matthijs Mohlmann <matthijs@cacholong.nl> to control@bugs.debian.org. (Sun, 08 Aug 2010 15:09:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#370337; Package openldap2.3,openldap. (Mon, 09 Aug 2010 22:00:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Andreas B. Mundt" <andi.mundt@web.de>:
Extra info received and forwarded to list. Copy sent to unknown-package@qa.debian.org. (Mon, 09 Aug 2010 22:00:07 GMT) Full text and rfc822 format available.

Message #59 received at 370337@bugs.debian.org (full text, mbox):

From: "Andreas B. Mundt" <andi.mundt@web.de>
To: Luk Claes <luk@debian.org>
Cc: debian-edu@lists.debian.org, 370337@bugs.debian.org
Subject: Re: Fwd: Re: Make /etc/default/slapd automatically configurable
Date: Mon, 9 Aug 2010 23:59:53 +0200
On Sun, Aug 08, 2010 at 05:59:15PM +0200, Luk Claes wrote:
> Hi
> 
> Can someone more involved with Debian Edu have a look at this, TIA?

[...]

> This bug is open for a long time now, what reasonable defaults are
> needed for debian-edu ?
> 
> I've attached the default file currently shipped with OpenLDAP.

[...]

Here are the modifications needed/done by debian-edu: 

> # Default location of the slapd.conf file. If empty, use the compiled-in
> # default (/etc/ldap/slapd.conf). If using the cn=config backend to store
> # configuration in LDIF, set this variable to the directory containing the
> # cn=config data.
> SLAPD_CONF=
> 
> # System account to run the slapd server under. If empty the server
> # will run as root.
> SLAPD_USER="openldap"
> 
> # System group to run the slapd server under. If empty the server will
> # run in the primary group of its user.
> SLAPD_GROUP="openldap"
> 
> # Path to the pid file of the slapd server. If not set the init.d script
> # will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
> # default)
> SLAPD_PIDFILE=
> 
> # slapd normally serves ldap only on all TCP-ports 389. slapd can also
> # service requests on TCP-port 636 (ldaps) and requests via unix
> # sockets.
> # Example usage:
> # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
> SLAPD_SERVICES="ldap:/// ldapi:///"

We currently add the deprecated ldaps:/// protocoll here:

SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"

It would be nice if we would not need ldaps and could only use
TLS. This has to be checked.

> # If SLAPD_NO_START is set, the init script will not start or restart
> # slapd (but stop will still work).  Uncomment this if you are
> # starting slapd via some other means or if you don't want slapd normally
> # started at boot.
> #SLAPD_NO_START=1
> 
> # If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
> # the init script will not start or restart slapd (but stop will still
> # work).  Use this for temporarily disabling startup of slapd (when doing
> # maintenance, for example, or through a configuration management system)
> # when you don't want to edit a configuration file.
> SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
> 
> # For Kerberos authentication (via SASL), slapd by default uses the system
> # keytab file (/etc/krb5.keytab).  To use a different keytab file,
> # uncomment this line and change the path.
> #export KRB5_KTNAME=/etc/krb5.keytab

We add: 
KRB5_KTNAME=/etc/krb5.keytab.ldap; export KRB5_KTNAME
here. We do not use the default keytab file because the user openldap
needs to have read permissions on that file.

> # Additional options to pass to slapd
> SLAPD_OPTIONS=""
> 
We use: 
SLAPD_OPTIONS="-4"
here, which might be there for traditional reasons.

I am currently not able to test the entries as I have no debian-edu
installation around for the time being.

Best regards,

     Andi




Information forwarded to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#370337; Package openldap2.3,openldap. (Mon, 09 Aug 2010 22:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to unknown-package@qa.debian.org. (Mon, 09 Aug 2010 22:09:03 GMT) Full text and rfc822 format available.

Message #64 received at 370337@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: debian-edu@lists.debian.org
Cc: Luk Claes <luk@debian.org>, 370337@bugs.debian.org
Subject: Re: Fwd: Re: Make /etc/default/slapd automatically configurable
Date: Tue, 10 Aug 2010 00:05:33 +0200
[Andreas B. Mundt]
> We currently add the deprecated ldaps:/// protocoll here:
> 
> SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
> 
> It would be nice if we would not need ldaps and could only use
> TLS. This has to be checked.

I've checked, and we still need ldaps to be able to download the SSL
certificate from the LDAP server to the clients during the first boot.
If someone can come up with a way to extract it using TLS, I am all
for dropping ldaps.

> We use: 
> SLAPD_OPTIONS="-4"
> here, which might be there for traditional reasons.

Not quite sure why we add that one.  It was added 2006-01-13 with this
changelog entry:

  [ Andreas Schuldei ]
  * making slapd use ipv4 only in cf.ldapserver (for uml testframework, where
    long timeouts occure when probing for ipv6 stuff)

No idea if it can be dropped or not.

Happy hacking,
-- 
Petter Reinholdtsen




Bug reassigned from package 'openldap2.3,openldap' to 'openldap'. Request was from Martin Michlmayr <tbm@cyrius.com> to control@bugs.debian.org. (Tue, 10 Aug 2010 09:45:10 GMT) Full text and rfc822 format available.

Bug reassigned from package 'openldap' to 'src:openldap'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Tue, 10 Aug 2010 18:03:08 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 20:43:28 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.