FS#22566 - [openldap] [patch] support new configuration directory

Attached to Project: Arch Linux
Opened by Devin J. Pohly (djpohly) - Sunday, 23 January 2011, 06:15 GMT
Last edited by Andrea Scarpino (BaSh) - Sunday, 23 January 2011, 18:01 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Andrea Scarpino (BaSh)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
OpenLDAP configuration can now be stored in an LDAP directory instead of in a file (see http://www.openldap.org/doc/admin24/slapdconf2.html). In order to pass the correct parameters to slapd on Arch, the user will have to edit the rc script, since the config-file parameter is hard-coded there.

Additional info:
* openldap 2.4.23-2


Steps to reproduce:
1. Set up OpenLDAP.
2. Convert your configuration file to a configuration directory:
# cd /etc/openldap
# mkdir slapd.d
# slaptest -f slapd.conf -F slapd.d
3. (Re)move the old configuration file.
4. Notice that it is probably preferable to edit /etc/default/slapd instead of /etc/rc.d/slapd.

Attached patch moves the config-file parameter to /etc/default/slapd, allowing a user to more comfortably change it, e.g. from "-f /etc/openldap/slapd.conf" to "-F /etc/openldap/slapd.d".

Closed by  Andrea Scarpino (BaSh)
Sunday, 23 January 2011, 18:01 GMT
Reason for closing:  Implemented
Additional comments about closing:  openldap 2.4.23-4
Comment by Andrea Scarpino (BaSh) - Sunday, 23 January 2011, 10:53 GMT
Implemented in openldap 2.4.23-3 in [testing], could you try it?
Comment by Devin J. Pohly (djpohly) - Sunday, 23 January 2011, 15:53 GMT
Tried it and it worked for me. (Glad to see the move to conf.d.)

A few issues/thoughts:
* We might want to vercmp against 2.4.23-3. If you upgrade from 2.4.23-1 or -2, the configuration file won't be updated.
* The rc script should source /etc/conf.d/slapd instead of /etc/default/slapd.
* By default, slapd tries to read /etc/openldap/slapd.d/, then /etc/openldap/slapd.conf, so we don't technically need the configuration location in the default conf.d script at all.
* The slapd.d directory should be mode 700 like slapd.conf was.
* The automatic upgrade seems a bit intrusive. It might be good to put a note about the change to slapd.d in the post_upgrade hook, since we are significantly modifying the way that slapd configuration works. Alternatively, we could just encourage the admin to upgrade the configuration manually, and perhaps provide a wiki page (which I wouldn't mind writing).
Comment by Andrea Scarpino (BaSh) - Sunday, 23 January 2011, 16:32 GMT
Ok, pushed openldap 2.4.23-4, changes:
* The rc script sources /etc/conf.d/slapd instead of /etc/default/slapd
* removed useless option in /etc/conf.d/slapd
* /etc/openldap/slapd.d/ is 700
* removed the automatic upgrade (this was not working at all)

Other suggestions? Is this OK?
Comment by Devin J. Pohly (djpohly) - Sunday, 23 January 2011, 17:47 GMT
Works great! Tested with config file and empty dir, config file and directory (directory takes precedence), and config directory without file, and all worked as expected.
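
Added example, not part of the thread or of the Arch package: a shell check for the two points settled above, that slapd.d takes precedence over slapd.conf and that the configuration in use should be owner-only (mode 700 for the directory). It assumes a populated configuration directory contains cn=config.ldif, as written by slaptest -F; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which slapd configuration source is in effect and
# whether group/other can access it. Default path is the one from the thread.

# Print "dir", "file" or "none", following the order described in the thread:
# slapd.d first, then slapd.conf. Assumption: a populated config directory
# contains cn=config.ldif; an empty slapd.d is skipped in favour of the file.
slapd_config_source() {
    base=${1:-/etc/openldap}
    if [ -d "$base/slapd.d" ] && [ -f "$base/slapd.d/cn=config.ldif" ]; then
        echo dir
    elif [ -f "$base/slapd.conf" ]; then
        echo file
    else
        echo none
    fi
}

# Succeed only if the path grants nothing to group or other
# (for example 700 on the directory, 600 on the file).
owner_only() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one finding line; return 1 if the active source is too open,
# 2 if no configuration was found.
audit_slapd_config() {
    base=${1:-/etc/openldap}
    case $(slapd_config_source "$base") in
        dir)  target=$base/slapd.d ;;
        file) target=$base/slapd.conf ;;
        none) echo "no slapd configuration under $base"; return 2 ;;
    esac
    if owner_only "$target"; then
        echo "OK: $target is owner-only"
    else
        echo "WARN: $target is accessible to group or other"
        return 1
    fi
}
```

Source the file and run `audit_slapd_config` as root after converting with slaptest; a WARN on slapd.d is fixed with `chmod 700`.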
