[Pkg-openldap-devel] Bug#593965: slapd upgrade logic may mail on existing/working slapd.d/ configurations

Peter Marschall peter at adpm.de
Sat Aug 28 16:44:47 UTC 2010 

Hi,

On Tuesday, 24. August 2010, Matthijs Möhlmann wrote:
> > The logic for converting the configuration to a slapdd.d based one
> > currently tests
> > 
> > 	previous_version_older 2.4.23-3 || [ -f "${SLAPD_CONF}" ]
> > 
> > I.e. when upgrading from a version before 2.4.23-3 it will trigger.
> 
> Probably we need to change this to:
> 	previous_version_older 2.4.23-3 && [ -f "${SLAPD_CONF}" ]
> 
> In this case only versions older then 2.4.23-3 and still have a
> /etc/ldap/slapd.conf will trigger an upgrade to slapd.d

I thought very hard about this, and I think this nicely solves the issue.
It keeps the postinst logic simple.

Please see the attached patch ;-)

I may be mistaken, but I think that BTS# 594714 ("always set SLAPD_CONF") 
may be related to the issue here too.
Maybe the comment regarding SLAPD_CONF in /etc/default/slapd neds to be 
updated too.

> > Unfortunately I do not have a working patch for the situation,
> > especially as I am trying to achieve ome - maybe contradicting - goals:
> > - convert to slapd.d/ on upgrade
> 
> I've tested this with the current svn and it seems ok, I'll let it in
> svn one more day and will then upload it.

Thanks for uploading 2.4.23-4 which fixes 592878!!!

> > - do not overwrite existing slapd.d/ when newer than slapd.conf
> 
> Can you give an example on this case how to achieve this ?

One idea would be to test whether the slapd.d based config really works and is 
newer than a possibly existing file named slapd.conf

if [ -d /etc/ldap/slapd.d ]; then
	if [ -f /etc/ldap/slapd.conf ]; then
		NEWER=`find /etc/ldap/slapd.d/ -newer /etc/ldap/slapd.conf`
	else
		NEWER="true"	# always newer than a missing file ;-)
	fi

	if [ -n "$NEWER" ]; then
		slapdtest -F /etc/ldap/slapd.d > /dev/null 2>&1
		VALID=$?
	fi

	if [ "$VALID" = "0" ]; then
		... # here we know we have a working slapd.d config 
		    # that is more current than slapd.conf
	fi
fi

But this gets very complex, so I did not consider it sensible to write it in a 
patch.

> > - allow to keep a slapd.conf based config even after 2.4.23-3 ;-)
> > Especially the last one will be tricky (maybe it needs to be restricted)

You simple proposed patch above solved the issue in a very elegant way
After upgrading to something higher than 2.4.23-3 the migration is not 
triggered anymore, so I can switch back to slapd.conf easily ;-))

> As upstream moves away from a slapd.conf based config, why should we
> hold on to it ?
I admit, this is no long-term solution, but for a short/mid-term time frame
it helps when you need to change the config and are allowed to have down-time.

Currently lots of OL docs (man pages, ...) describe config options from 
slapd.conf; changing them there and converting the whole file to a slapd.d
based config later is far easier than updating the ldifs manually.
(I consider it less error prone too ;-)

Best regards
Peter
-- 
Peter Marschall
peter at adpm.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openldap-2.4.23-debian593965.patch
Type: text/x-patch
Size: 490 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20100828/fc33bcc3/attachment-0001.bin>

More information about the Pkg-openldap-devel mailing list