2010-04-28 03:22:49 |
Stephen Warren |
bug |
|
|
added bug |
2010-04-28 03:22:49 |
Stephen Warren |
attachment added |
|
Dependencies.txt http://launchpadlibrarian.net/45859593/Dependencies.txt |
|
2010-04-28 12:40:26 |
Thierry Carrez |
openldap (Ubuntu): importance |
Undecided |
High |
|
2010-04-28 12:40:26 |
Thierry Carrez |
openldap (Ubuntu): status |
New |
Confirmed |
|
2010-04-28 12:40:26 |
Thierry Carrez |
openldap (Ubuntu): assignee |
|
Mathias Gug (mathiaz) |
|
2010-04-28 12:40:54 |
Thierry Carrez |
bug task added |
|
ubuntu-release-notes |
|
2010-04-28 13:54:51 |
Mathias Gug |
description |
Bug 526230 is back.
I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused:
==========
Setting up slapd (2.4.21-0ubuntu5) ...
Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).
Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing slapd (--configure):
subprocess installed post-installation script returned error exit status 1
==========
and:
==========
Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012
Apr 27 21:15:16 esk slapd[8805]: slapd stopped.
==========
due to content:
==========
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcMonitoring: FALSE
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446
creatorsName: cn=config
createTimestamp: 20090824073643Z
entryCSN: 20090824073643.173347Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090824073643Z
==========
Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: slapd 2.4.21-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Tue Apr 27 21:16:07 2010
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: openldap |
Bug 526230 is back.
I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused:
==========
Setting up slapd (2.4.21-0ubuntu5) ...
Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).
Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing slapd (--configure):
subprocess installed post-installation script returned error exit status 1
==========
and:
==========
Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012
Apr 27 21:15:16 esk slapd[8805]: slapd stopped.
==========
due to content:
==========
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcMonitoring: FALSE
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446
creatorsName: cn=config
createTimestamp: 20090824073643Z
entryCSN: 20090824073643.173347Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090824073643Z
==========
Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: slapd 2.4.21-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Tue Apr 27 21:16:07 2010
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: openldap
Lucid Release Note:
== Openldap fails to start on upgrade ==
When upgrading some systems from Karmic openldap may fail to start by logging messages similar to "ordered_value_sort failed on attr olcAccess#012". To workaround the problem remove the line "olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break" from /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif. |
|
2010-04-28 13:54:57 |
Mathias Gug |
ubuntu-release-notes: status |
New |
Confirmed |
|
2010-04-28 13:55:25 |
Mathias Gug |
openldap (Ubuntu): status |
Confirmed |
Triaged |
|
2010-04-28 23:50:50 |
Mathias Gug |
nominated for series |
|
Ubuntu Lucid |
|
2010-04-28 23:50:50 |
Mathias Gug |
bug task added |
|
openldap (Ubuntu Lucid) |
|
2010-04-29 02:30:47 |
Launchpad Janitor |
branch linked |
|
lp:~mathiaz/ubuntu/lucid/openldap/cleanup-olcaccess |
|
2010-04-29 02:30:51 |
Mathias Gug |
openldap (Ubuntu Lucid): milestone |
|
lucid-updates |
|
2010-04-29 15:07:00 |
Thierry Carrez |
ubuntu-release-notes: status |
Confirmed |
Fix Committed |
|
2010-04-29 15:07:00 |
Thierry Carrez |
ubuntu-release-notes: assignee |
|
Thierry Carrez (ttx) |
|
2010-05-31 10:15:28 |
Thierry Carrez |
ubuntu-release-notes: status |
Fix Committed |
Fix Released |
|
2010-07-18 13:05:45 |
Ralph Weichert |
bug |
|
|
added subscriber Ralph Weichert |
2010-07-20 08:26:14 |
Thierry Carrez |
openldap (Ubuntu Lucid): milestone |
lucid-updates |
ubuntu-10.04.1 |
|
2010-07-20 08:26:31 |
Thierry Carrez |
openldap (Ubuntu): milestone |
lucid-updates |
|
|
2010-07-23 08:26:24 |
Thierry Carrez |
openldap (Ubuntu Lucid): status |
Triaged |
In Progress |
|
2010-07-23 12:56:53 |
Mathias Gug |
openldap (Ubuntu): status |
Triaged |
Won't Fix |
|
2010-07-23 13:41:24 |
Mathias Gug |
description |
Bug 526230 is back.
I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused:
==========
Setting up slapd (2.4.21-0ubuntu5) ...
Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).
Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing slapd (--configure):
subprocess installed post-installation script returned error exit status 1
==========
and:
==========
Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012
Apr 27 21:15:16 esk slapd[8805]: slapd stopped.
==========
due to content:
==========
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcMonitoring: FALSE
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446
creatorsName: cn=config
createTimestamp: 20090824073643Z
entryCSN: 20090824073643.173347Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090824073643Z
==========
Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: slapd 2.4.21-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Tue Apr 27 21:16:07 2010
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: openldap
Lucid Release Note:
== Openldap fails to start on upgrade ==
When upgrading some systems from Karmic openldap may fail to start by logging messages similar to "ordered_value_sort failed on attr olcAccess#012". To workaround the problem remove the line "olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break" from /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif. |
Bug 526230 is back.
I had slapd 2.4.21-0ubuntu4 installed, then "apt-get dist-upgrade", which pulled in slapd 2.4.21-0ubuntu5. This modified /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif by adding duplicate olcAccess lines without any {0} index prefix, causing slapd to fail to start. This caused:
==========
Setting up slapd (2.4.21-0ubuntu5) ...
Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu4... done.
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).
Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -h 'ldap:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/
invoke-rc.d: initscript slapd, action "start" failed.
dpkg: error processing slapd (--configure):
subprocess installed post-installation script returned error exit status 1
==========
and:
==========
Apr 27 21:15:16 esk slapd[8805]: @(#) $OpenLDAP: slapd 2.4.21 (Apr 26 2010 11:07:14) $#012#011buildd@rothera:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
Apr 27 21:15:16 esk slapd[8805]: config error processing olcDatabase={-1}frontend,cn=config: ordered_value_sort failed on attr olcAccess#012
Apr 27 21:15:16 esk slapd[8805]: slapd stopped.
==========
due to content:
==========
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcMonitoring: FALSE
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 9d222b1e-24cc-102e-9a29-375c9ad51446
creatorsName: cn=config
createTimestamp: 20090824073643Z
entryCSN: 20090824073643.173347Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20090824073643Z
==========
Note: I tried "apt-get dist-upgrade" a few times to see if the problem would fix itself before investigating. I think each run added a new duplicate olcAccess entry without checking for pre-existing entries. After I deleted the first two olcAccess above, slapd would start again.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: slapd 2.4.21-0ubuntu5
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Tue Apr 27 21:16:07 2010
ProcEnviron:
PATH=(custom, user)
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: openldap
Lucid Release Note:
== Openldap fails to start on upgrade ==
When upgrading some systems from Karmic openldap may fail to start by logging messages similar to "ordered_value_sort failed on attr olcAccess#012". To workaround the problem remove the line "olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break" from /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif and /etc/ldap/slapd./cn=config/olcDatabase={0}config.ldif.
==========
SRU REPORT
==========
BUG IMPACT:
On systems upgraded from jaunty -> karmic -> lucid, the local root
user is mapped to cn=localroot,cn=config. The latter dn has then full
access to the cn=config tree. The olcAccess line added during the
karmic upgrade isn't prefixed with an index. Additional olcAccess
lines are added during the lucid upgrade which makes slapd fail to
start as all olcAccess lines need to be prefixed with an index.
BUG FIX:
The olcAccess line is updated to have an index during the upgrade.
TEST CASE:
1. Install slapd on a jaunty system.
2. Upgrade to karmic.
3. Upgrade to lucid:
* without the fix: after upgrade slapd is not running.
* with the fix: after upgrade slapd is running.
REGRESSION POTENTIAL:
Unknown.
|
|
2010-07-23 14:50:40 |
Mathias Gug |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2010-07-23 14:52:27 |
Launchpad Janitor |
branch linked |
|
lp:~mathiaz/ubuntu/lucid/openldap/lucid-sru-fix-karmic-upgrade |
|
2010-07-27 06:14:30 |
Martin Pitt |
openldap (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
2010-07-27 06:14:39 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
2010-07-27 06:14:47 |
Martin Pitt |
tags |
apport-bug i386 lucid |
apport-bug i386 lucid verification-needed |
|
2010-08-02 12:13:06 |
Olivier Cortès |
bug |
|
|
added subscriber Olivier Cortès |
2010-08-09 23:23:31 |
Mathias Gug |
tags |
apport-bug i386 lucid verification-needed |
apport-bug i386 lucid verification-done |
|
2010-08-10 07:22:47 |
Martin Pitt |
openldap (Ubuntu Lucid): status |
Fix Committed |
In Progress |
|
2010-08-10 07:23:10 |
Martin Pitt |
tags |
apport-bug i386 lucid verification-done |
apport-bug i386 lucid |
|
2010-08-10 16:02:28 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/openldap |
|
2010-08-10 16:55:32 |
Martin Pitt |
openldap (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
2010-08-10 16:55:49 |
Martin Pitt |
tags |
apport-bug i386 lucid |
apport-bug i386 lucid verification-needed |
|
2010-08-10 21:29:31 |
Mathias Gug |
tags |
apport-bug i386 lucid verification-needed |
apport-bug i386 lucid verification-done |
|
2010-08-12 05:36:16 |
Launchpad Janitor |
openldap (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2011-09-19 21:15:26 |
Ubuntu Foundations Team Bug Bot |
tags |
apport-bug i386 lucid verification-done |
apport-bug i386 lucid testcase verification-done |
|
2011-09-20 12:00:21 |
John Donlan |
bug |
|
|
added subscriber John Donlan |