[Bug 571057] [NEW] slapd 2.4.21-0ubuntu5 corrupts olcDatabase={-1}frontend.ldif with duplicate olcAccess lines (again)

Stephen Warren swarren at wwwdotorg.org
Wed Apr 28 04:22:49 BST 2010 

Public bug reported:

Bug 526230 is back.

I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade",
which pulled in slapd 2.4.21-0ubuntu5. This modified
/etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding
duplicate olcAccess lines without any {0} index prefix, causing slapd to
fail to start. This caused:

==========
Setting up slapd (2.4.21-0ubuntu5) ...
  Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Below, you can find the command line options used by this script to 
run slapd. Do not forget to specify those options if you
want to look to debugging output:
  slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ 
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing slapd (--configure):
 subprocess installed post-installation script returned error exit status 1
==========

and:

==========
Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd at rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012
Apr 27 21:15:16 esk slapd[8805]: slapd stopped.
==========

due to content:

==========
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcMonitoring: FALSE
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446
creatorsName: cn=config
createTimestamp: 20090824073643Z
entryCSN: 20090824073643.173347Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090824073643Z
==========

Note: I tried "apt-get dist-upgrade" a few times to see if the problem
would fix itself before investigating. I think each run added a new
duplicate olcAccess entry without checking for pre-existing entries.
After I deleted the first two olcAccess above, slapd would start again.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: slapd 2.4.21-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Tue Apr 27 21:16:07 2010
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: openldap

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 lucid

-- 
slapd 2.4.21-0ubuntu5 corrupts olcDatabase={-1}frontend.ldif with duplicate olcAccess lines (again)
https://bugs.launchpad.net/bugs/571057
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

More information about the Ubuntu-server-bugs mailing list