[Bug 538516] Re: slapd package configuration aborts due to "ordered_value_sort failed on attr olcAccess" error during Hardy -> Lucid upgrade

Nathan Stratton Treadway ubuntu.lp at nathanst.com
Sat Mar 13 20:53:55 GMT 2010 

I did some additional testing and believe that all Hardy -> Lucid
upgrades will hit this bug.

Specifically, I installed the "slapd" package on Hardy box, one that had
never had any openldap packages installed.  I let the package
installation script create the default slapd.conf file there, and then
copied the resulting file over to the machine that is now running Lucid.
I then created an empty slapd.d directory, ran "slaptest -f slapd.conf
-F slapd.d", and compared the new slapd.d directory tree with the
/etc/ldap/slapd.d tree that was generated from my system local
slapd.conf file.

Sure enough, the *{0}config.ldif file generated from the stock slapd.conf fle contained the same 
  olcAccess: {0}to *  by * none
line that was causing the conflict with the "olcAccess: to * by ..." line being added by the  slapd.postinst script.    (So in other words, even a stock, uncustomized slapd.conf file would trigger this error upon upgrade to Lucid's slapd.)

I see from the changelog.Debian.gz file for slapd that the postinst
script started edited this config file in the Karmic timeframe:

  openldap (2.4.17-1ubuntu3) karmic; urgency=low
     [...]
     * Add cn=localroot,cn=config authz mapping on upgrades.

   -- Mathias Gug < mathiaz at ubuntu.com>   Tue, 11 Aug 2009 14:48:56
-0400

Out of curiousity, I ran "slaptest -f slapd.conf -F ..." on my Hardy
box, and then compared the *{0}config.ldif file generated there with the
one generated on Lucid.. and saw that the "olcAccess: {0}to *  by *
none" line was NOT generated there.

So, I think that the issue here is that between 2.4.17 and 2.4.21, the
*{0}config.ldif file  generated by "slaptest -f ... -F ..." changed in
such a way that it's no longer compatible with the "cn=localroot" lines
that the postinst script is adding.

There was no problem for machines that were upgraded first to Intrepid
(when the configuration data migration took place) and then to Karmic
(when the "cn=localroot" lines were added to the previously-generated
*{0}config.ldif file)... but anyone migrating directly from Hardy will
run into problems since by openldap 2.4.21 the two steps are
incompatible....

-- 
slapd package configuration aborts due to "ordered_value_sort failed on attr olcAccess" error during Hardy -> Lucid upgrade
https://bugs.launchpad.net/bugs/538516
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

More information about the Ubuntu-server-bugs mailing list