[Pkg-openldap-devel] new debconf template for openldap

Sat Jan 7 20:43:56 UTC 2017

Dear debian-l10n-english,

I would like to ask for your review of a new debconf template for slapd.

Some background information: If slapd's configuration is not replicated 
to or from any other server, and has no overlays (plugins) applied to 
it, we can upgrade the schema automatically. However, if those 
conditions are not met (replicating the config database is uncommon but 
definitely supported), then it is not safe to perform the change 
offline: it has to be done by the admin *before* removing or replacing 
the old binaries.

What we do here is generate an LDIF file containing the necessary 
changeset, and show the admin how to apply it.

"Replication with other servers may be affected" is intentionally vague: 
depending on the specific configuration, this specific change might not 
be replicated, replication in general might get stuck and never sync 
again, or everything might just work.

Lintian complains about this template being too long, so I'd welcome 
suggestions for how to reduce it, as well as any other feedback.

Template: slapd/ppolicy_schema_needs_update
Type: select
__Choices: abort installation, continue regardless
DefaultChoice: abort installation
#flag:comment:2
# "ppolicy", "pwdMaxRecordedFailure", and "cn=config" are not translatable.
#flag:translate!:5,7
_Description: Manual ppolicy schema update recommended
 In the version of slapd about to be installed, the ppolicy overlay
 requires the new pwdMaxRecordedFailure attribute to be defined in the
 ppolicy schema. The schema contained in the cn=config database does not
 currently include this attribute.
 .
 You may choose to continue the installation. In this case, the
 maintainer scripts will add the new attribute automatically during the
 upgrade. However, the change will not be acted on by slapd overlays,
 and replication with other servers may be affected.
 .
 The ppolicy schema can be updated by applying the changes found in the
 following LDIF file:
 .
 ${ldif}
 .
 If slapd is using the default access control rules, after starting
 slapd, the changes can be applied using the following command:
 .
 ldapmodify -H ldapi:/// -Y EXTERNAL -f ${ldif}
 .
 It is recommended to abort the upgrade now and to update the ppolicy
 schema before upgrading slapd. If replication is in use, the schema
 update should be applied on every server before continuing with the
 upgrade.

The full templates file can be found in the git repository: 
https://anonscm.debian.org/git/pkg-openldap/openldap.git/tree/debian/slapd.templates

Thank you,
Ryan