[Bug 667597] [NEW] conf.d directory not a configuration directory
Will Dowling
667597 at bugs.launchpad.net
Thu Oct 28 05:25:25 BST 2010
Public bug reported:

# cat /etc/issue
Ubuntu 10.04.1 LTS \n \l

# apt-cache policy slapd
slapd:
  Installed: 2.4.21-0ubuntu5.3
  Candidate: 2.4.21-0ubuntu5.3
  Version table:
 *** 2.4.21-0ubuntu5.3 0
        500 ftp://10.1.4.17/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
     2.4.21-0ubuntu5.2 0
        500 ftp://10.1.4.17/ubuntu/ lucid-security/main Packages
     2.4.21-0ubuntu5 0
        500 ftp://10.1.4.17/ubuntu/ lucid/main Packages

PROBLEM DESCRIPTION:
The slapd package deploys the cn=config directory
/etc/ldap/slapd.d/cn=config

Howard Chu, Chief Architect of the OpenLDAP project, has publicly stated
that the slapd.d directory is a configuration DATABASE and is not
user-editable[1].

The placement of this configuration database under /etc/ violates the
Debian Filesystem Hierarchy Standard v2.3 [2] to which Ubuntu also
adheres [3].

This is confusing for administrators migrating to the new cn=config and
can lead them to edit the database directly, which is neither documented
nor intended.
SUGGESTED FIX:
* Ensure that slapd creates the configuration database somewhere under /var/lib
* Ensure that the slapd package's postinst does not modify the configuration database directly
* Ensure that the /etc/default/slapd file sets the SLAPD_CONF variable to the new location of the configuration database
NOTES:
This may need to be reported to the upstream Debian maintainers; however,
it is my understanding that lenny still uses slapd.conf (and I have not
yet had time to test an unstable/testing box or inspect the source
package).
[1] http://www.openldap.org/lists/openldap-technical/201009/msg00023.html
[2] http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html
[3] http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-opersys.html#s-fhs
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
--
conf.d directory not a configuration directory
https://bugs.launchpad.net/bugs/667597
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.