Activity log for bug #571057

Date Who What changed Old value New value Message
2010-04-28 03:22:49 Stephen Warren bug added bug
2010-04-28 03:22:49 Stephen Warren attachment added Dependencies.txt http://launchpadlibrarian.net/45859593/Dependencies.txt
2010-04-28 12:40:26 Thierry Carrez openldap (Ubuntu): importance Undecided High
2010-04-28 12:40:26 Thierry Carrez openldap (Ubuntu): status New Confirmed
2010-04-28 12:40:26 Thierry Carrez openldap (Ubuntu): assignee Mathias Gug (mathiaz)
2010-04-28 12:40:54 Thierry Carrez bug task added ubuntu-release-notes
2010-04-28 13:54:51 Mathias Gug description Bug 526230 is back. I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused: ========== Setting up slapd (2.4.21-0ubuntu5) ... Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done. Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output: slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ invoke-rc.d: initscript slapd, action "start" failed. dpkg: error processing slapd (--configure): subprocess installed post-installation script returned error exit status 1 ========== and: ========== Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012 Apr 27 21:15:16 esk slapd[8805]: slapd stopped. ========== due to content: ========== dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema olcMonitoring: FALSE olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break structuralObjectClass: olcDatabaseConfig entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446 creatorsName: cn=config createTimestamp: 20090824073643Z entryCSN: 20090824073643.173347Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090824073643Z ========== Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: slapd 2.4.21-0ubuntu5 ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-generic i686 Architecture: i386 Date: Tue Apr 27 21:16:07 2010 ProcEnviron: PATH=(custom, user) LANG=en_US.utf8 SHELL=/bin/bash SourcePackage: openldap Bug 526230 is back. I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused: ========== Setting up slapd (2.4.21-0ubuntu5) ...   Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done. Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output:   slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ invoke-rc.d: initscript slapd, action "start" failed. dpkg: error processing slapd (--configure):  subprocess installed post-installation script returned error exit status 1 ========== and: ========== Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012 Apr 27 21:15:16 esk slapd[8805]: slapd stopped. ========== due to content: ========== dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema olcMonitoring: FALSE olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break structuralObjectClass: olcDatabaseConfig entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446 creatorsName: cn=config createTimestamp: 20090824073643Z entryCSN: 20090824073643.173347Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090824073643Z ========== Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: slapd 2.4.21-0ubuntu5 ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-generic i686 Architecture: i386 Date: Tue Apr 27 21:16:07 2010 ProcEnviron:  PATH=(custom, user)  LANG=en_US.utf8  SHELL=/bin/bash SourcePackage: openldap Lucid Release Note: == Openldap fails to start on upgrade == When upgrading some systems from Karmic openldap may fail to start by logging messages similar to "ordered_value_sort failed on attr olcAccess#012". To workaround the problem remove the line "olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break" from /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif.
2010-04-28 13:54:57 Mathias Gug ubuntu-release-notes: status New Confirmed
2010-04-28 13:55:25 Mathias Gug openldap (Ubuntu): status Confirmed Triaged
2010-04-28 23:50:50 Mathias Gug nominated for series Ubuntu Lucid
2010-04-28 23:50:50 Mathias Gug bug task added openldap (Ubuntu Lucid)
2010-04-29 02:30:47 Launchpad Janitor branch linked lp:~mathiaz/ubuntu/lucid/openldap/cleanup-olcaccess
2010-04-29 02:30:51 Mathias Gug openldap (Ubuntu Lucid): milestone lucid-updates
2010-04-29 15:07:00 Thierry Carrez ubuntu-release-notes: status Confirmed Fix Committed
2010-04-29 15:07:00 Thierry Carrez ubuntu-release-notes: assignee Thierry Carrez (ttx)
2010-05-31 10:15:28 Thierry Carrez ubuntu-release-notes: status Fix Committed Fix Released
2010-07-18 13:05:45 Ralph Weichert bug added subscriber Ralph Weichert
2010-07-20 08:26:14 Thierry Carrez openldap (Ubuntu Lucid): milestone lucid-updates ubuntu-10.04.1
2010-07-20 08:26:31 Thierry Carrez openldap (Ubuntu): milestone lucid-updates
2010-07-23 08:26:24 Thierry Carrez openldap (Ubuntu Lucid): status Triaged In Progress
2010-07-23 12:56:53 Mathias Gug openldap (Ubuntu): status Triaged Won't Fix
2010-07-23 13:41:24 Mathias Gug description Bug 526230 is back. I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused: ========== Setting up slapd (2.4.21-0ubuntu5) ...   Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done. Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output:   slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ invoke-rc.d: initscript slapd, action "start" failed. dpkg: error processing slapd (--configure):  subprocess installed post-installation script returned error exit status 1 ========== and: ========== Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012 Apr 27 21:15:16 esk slapd[8805]: slapd stopped. ========== due to content: ========== dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema olcMonitoring: FALSE olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break structuralObjectClass: olcDatabaseConfig entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446 creatorsName: cn=config createTimestamp: 20090824073643Z entryCSN: 20090824073643.173347Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090824073643Z ========== Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: slapd 2.4.21-0ubuntu5 ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-generic i686 Architecture: i386 Date: Tue Apr 27 21:16:07 2010 ProcEnviron:  PATH=(custom, user)  LANG=en_US.utf8  SHELL=/bin/bash SourcePackage: openldap Lucid Release Note: == Openldap fails to start on upgrade == When upgrading some systems from Karmic openldap may fail to start by logging messages similar to "ordered_value_sort failed on attr olcAccess#012". To workaround the problem remove the line "olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break" from /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif. Bug 526230 is back. I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused: ========== Setting up slapd (2.4.21-0ubuntu5) ...   Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done. Starting OpenLDAP: slapd - failed. The operation failed but no output was produced. For hints on what went wrong please refer to the system's logfiles (e.g. /var/log/syslog) or try running the daemon in Debug mode like via "slapd -d 16383" (warning: this will create copious output). Below, you can find the command line options used by this script to run slapd. Do not forget to specify those options if you want to look to debugging output:   slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ invoke-rc.d: initscript slapd, action "start" failed. dpkg: error processing slapd (--configure):  subprocess installed post-installation script returned error exit status 1 ========== and: ========== Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012 Apr 27 21:15:16 esk slapd[8805]: slapd stopped. ========== due to content: ========== dn: olcDatabase={-1}frontend objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 0 olcReadOnly: FALSE olcSchemaDN: cn=Subschema olcMonitoring: FALSE olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break structuralObjectClass: olcDatabaseConfig entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446 creatorsName: cn=config createTimestamp: 20090824073643Z entryCSN: 20090824073643.173347Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20090824073643Z ========== Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: slapd 2.4.21-0ubuntu5 ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-generic i686 Architecture: i386 Date: Tue Apr 27 21:16:07 2010 ProcEnviron:  PATH=(custom, user)  LANG=en_US.utf8  SHELL=/bin/bash SourcePackage: openldap Lucid Release Note: == Openldap fails to start on upgrade == When upgrading some systems from Karmic openldap may fail to start by logging messages similar to "ordered_value_sort failed on attr olcAccess#012". To workaround the problem remove the line "olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break" from /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif. ========== SRU REPORT ========== BUG IMPACT: On systems upgraded from jaunty -> karmic -> lucid, the local root user is mapped to cn=localroot,cn=config. The latter dn has then full access to the cn=config tree. The olcAccess line added during the karmic upgrade isn't prefixed with an index. Additional olcAccess lines are added during the lucid upgrade which makes slapd fail to start as all olcAccess lines need to be prefixed with an index. BUG FIX: The olcAccess line is updated to have an index during the upgrade. TEST CASE: 1. Install slapd on a jaunty system. 2. Upgrade to karmic. 3. Upgrade to lucid: * without the fix: after upgrade slapd is not running. * with the fix: after upgrade slapd is running. REGRESSION POTENTIAL: Unknown.
2010-07-23 14:50:40 Mathias Gug bug added subscriber Ubuntu Stable Release Updates Team
2010-07-23 14:52:27 Launchpad Janitor branch linked lp:~mathiaz/ubuntu/lucid/openldap/lucid-sru-fix-karmic-upgrade
2010-07-27 06:14:30 Martin Pitt openldap (Ubuntu Lucid): status In Progress Fix Committed
2010-07-27 06:14:39 Martin Pitt bug added subscriber SRU Verification
2010-07-27 06:14:47 Martin Pitt tags apport-bug i386 lucid apport-bug i386 lucid verification-needed
2010-08-02 12:13:06 Olivier Cortès bug added subscriber Olivier Cortès
2010-08-09 23:23:31 Mathias Gug tags apport-bug i386 lucid verification-needed apport-bug i386 lucid verification-done
2010-08-10 07:22:47 Martin Pitt openldap (Ubuntu Lucid): status Fix Committed In Progress
2010-08-10 07:23:10 Martin Pitt tags apport-bug i386 lucid verification-done apport-bug i386 lucid
2010-08-10 16:02:28 Launchpad Janitor branch linked lp:ubuntu/lucid-proposed/openldap
2010-08-10 16:55:32 Martin Pitt openldap (Ubuntu Lucid): status In Progress Fix Committed
2010-08-10 16:55:49 Martin Pitt tags apport-bug i386 lucid apport-bug i386 lucid verification-needed
2010-08-10 21:29:31 Mathias Gug tags apport-bug i386 lucid verification-needed apport-bug i386 lucid verification-done
2010-08-12 05:36:16 Launchpad Janitor openldap (Ubuntu Lucid): status Fix Committed Fix Released
2011-09-19 21:15:26 Ubuntu Foundations Team Bug Bot tags apport-bug i386 lucid verification-done apport-bug i386 lucid testcase verification-done
2011-09-20 12:00:21 John Donlan bug added subscriber John Donlan