[Bug 571057] Re: slapd 2.4.21-0ubuntu5 corrupts olcDatabase={-1}frontend.ldif with duplicate olcAccess lines (again)

Mathias Gug mathiaz at ubuntu.com
Wed Apr 28 14:58:20 BST 2010 

This bug should only affect systems that have been installed in
Intrepid/Jaunty, upgraded to Karmic then Lucid.

Systems installed in Karmic and systems upgrading from Hardy shouldn't
be affected.

** Description changed:

  Bug 526230 is back.
  
  I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade",
  which pulled in slapd 2.4.21-0ubuntu5. This modified
  /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding
  duplicate olcAccess lines without any {0} index prefix, causing slapd to
  fail to start. This caused:
  
  ==========
  Setting up slapd (2.4.21-0ubuntu5) ...
-   Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
+   Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
  Starting OpenLDAP: slapd - failed.
  The operation failed but no output was produced. For hints on what went
  wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
  try running the daemon in Debug mode like via "slapd -d 16383" (warning:
  this will create copious output).
  
- Below, you can find the command line options used by this script to 
+ Below, you can find the command line options used by this script to
  run slapd. Do not forget to specify those options if you
  want to look to debugging output:
-   slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ 
+   slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/
  invoke-rc.d: initscript slapd, action "start" failed.
  dpkg: error processing slapd (--configure):
-  subprocess installed post-installation script returned error exit status 1
+  subprocess installed post-installation script returned error exit status 1
  ==========
  
  and:
  
  ==========
  Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd at rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
  Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012
  Apr 27 21:15:16 esk slapd[8805]: slapd stopped.
  ==========
  
  due to content:
  
  ==========
  dn: olcDatabase={-1}frontend
  objectClass: olcDatabaseConfig
  objectClass: olcFrontendConfig
  olcDatabase: {-1}frontend
  olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
  olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
  olcAddContentAcl: FALSE
  olcLastMod: TRUE
  olcMaxDerefDepth: 0
  olcReadOnly: FALSE
  olcSchemaDN: cn=Subschema
  olcMonitoring: FALSE
  olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
  structuralObjectClass: olcDatabaseConfig
  entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446
  creatorsName: cn=config
  createTimestamp: 20090824073643Z
  entryCSN: 20090824073643.173347Z#000000#000#000000
  modifiersName: cn=config
  modifyTimestamp: 20090824073643Z
  ==========
  
  Note: I tried "apt-get dist-upgrade" a few times to see if the problem
  would fix itself before investigating. I think each run added a new
  duplicate olcAccess entry without checking for pre-existing entries.
  After I deleted the first two olcAccess above, slapd would start again.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: slapd 2.4.21-0ubuntu5
  ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-21-generic i686
  Architecture: i386
  Date: Tue Apr 27 21:16:07 2010
  ProcEnviron:
-  PATH=(custom, user)
-  LANG=en_US.utf8
-  SHELL=/bin/bash
+  PATH=(custom, user)
+  LANG=en_US.utf8
+  SHELL=/bin/bash
  SourcePackage: openldap
+ 
+ Lucid Release Note:
+ 
+ == Openldap fails to start on upgrade ==
+ 
+ When upgrading some systems from Karmic openldap may fail to start by
+ logging messages similar to "ordered_value_sort failed on attr
+ olcAccess#012". To workaround the problem remove the line "olcAccess: to
+ * by dn.exact=cn=localroot,cn=config manage by * break" from
+ /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and
+ /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif.

** Changed in: ubuntu-release-notes
       Status: New => Confirmed

** Changed in: openldap (Ubuntu)
       Status: Confirmed => Triaged

-- 
slapd 2.4.21-0ubuntu5 corrupts olcDatabase={-1}frontend.ldif with duplicate olcAccess lines (again)
https://bugs.launchpad.net/bugs/571057
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

More information about the Ubuntu-server-bugs mailing list