[pkg-kolab] [Pkg-openldap-devel] Hacking slapd conffiles to fix an RC bug in kolabd (Was: Bug#596280: unblock: kolabd/2.2.4-20100624-2)

Steve Langasek vorlon at debian.org
Mon Sep 13 02:24:11 UTC 2010


Hi Mathieu,

On Sun, Sep 12, 2010 at 09:26:28PM +0200, Mathieu Parent (Debian) wrote:

> The recent move of slapd package to runtime config (aka cn=config, aka
> slapd.d) unfortunately broke kolabd. After a bootstrap by the user,
> kolabd manages some configuration files including slapd.conf. Since
> slapd 2.4.23-3, this is broken as described in #595539.

> I have proposed an hacky workaround which set slapd back to
> slapd.conf. Julien as Release Team member (thank you!), waits an ack
> for your team about this change. So: What do you think?

I don't think this is acceptable, sorry.  The migration to cn=config by
default is driven by upstream deprecation of slapd.conf, together with a
recognition that it's *harder* for other packages to integrate with slapd
when using slapd.conf.  I don't think installing kolabd should result in
having this change rolled back without asking; and anyway, the
implementation here isn't going to be reliable as most systems are going to
have SLAPD_CONF='' on upgrade anyway.

> Note that kolabd for Wheezy will manage cn=config natively (most
> probably by creating slapd.conf and using slaptest; but perhaps by
> directly issuing ldap commands).

Is there any reason this (slapd.conf + slaptest) couldn't be used as the
workaround in squeeze?  That still doesn't sound great to me given that it
would overwrite any previously present cn=config settings, but it seems to
be the existing practice that kolabd will overwrite slapd configs, so it
should at least do so in the preferred location; and getting this right
shouldn't be any harder than the policy-violating conffile overwrite.

I'm sorry that the change to slapd.d by default has landed as late as it
has, but again, I don't think it's acceptable for an external package to
roll back this change on users' systems and leave them with new upgrade
problems for wheezy, where slapd will *not* run the cn=config migration on
upgrade.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-kolab-devel/attachments/20100912/1731492a/attachment.pgp>


More information about the pkg-kolab-devel mailing list