Re: slapd upgrade from 2.0.27-4 to 2.1.22-1 is a catastrophe

To: debian-user@lists.debian.org
Subject: Re: slapd upgrade from 2.0.27-4 to 2.1.22-1 is a catastrophe
From: "Jean-Marc V. Liotier" <jim@jipo.com>
Date: 25 Jul 2003 18:46:18 +0200
Message-id: <[🔎] 1059151578.8074.90.camel@localhost>
In-reply-to: <[🔎] 1059146579.8074.72.camel@localhost>
References: <[🔎] 1059146579.8074.72.camel@localhost>

On Fri, 2003-07-25 at 17:23, Jean-Marc V. Liotier wrote:
> I have a testing system (with a handful of packages pinned to unstable).
> During the upgrade I performed today, slapd went from 2.0.27-4 to
> 2.1.22-1. The result is catastrophic :
> - Postfix no longer works properly (I am using ldap virtual maps)
> - The upgrade process produced a bunch of errors I do not understand but
> that seem to correlate with LDAP tree migration problems.

Here is what I got from Stephen Frost on debian-openldap. His answer is
very interesting.

-------------------------------------------------------------------

> Dumping directory to
> /var/backups/ldap/2.0.27-4/slapd-dc=ruwenzori,dc=net-slapcat.ldif with
> new slapcat... /etc/ldap/slapd.conf: line 53: unknown directive
> "defaultaccess" in ldbm database definition (ignored)
> done
> dn: ou=People,dc=ruwenzori,dc=net

This is kind of odd..  It sounds like the slapd.preinst script was
unable to slapcat the database with the 2.0.27-4 slapcat- not a good
sign.  Once you move back to 2.0.27-4 you might shut down your database
and see what happens when you run slapcat on it, it *should* work but if
it doesn't it could definitely cause problems during upgrade.

> [A bunch of additional assorted 'Missing RDN' and 'Mismatched RDN'
> errors]

The fix_ldif script is having a great deal of trouble performing the
migration from your old LDAP tree to a new compliant LDAP tree.  The
underlying problem is that the new version of slapd is much more picky
about schema's and proper form than the old version so we're trying to
fix old 2.0 LDIF's to be compliant.  Obviously this doesn't work in all
cases.

> slapd is started, but large chunks (I would say most) of my LDAP tree
> did not get through the conversion process that apparently happened

Unfortunately you may have to perform the conversion process yourself.
I'm willing to help and if we can fix things so that the conversion
process works for you that's great but it might not be possible to do in
a general way...

> Postfix keeps bitching about LDAP being broken, but I guess it is just
> the effect of the slapd setup being very broken, so I guess I should
not
> pay attention to those messages and focus on getting my LDAP tree back
> online in proper shape.

I expect the slapd database is, as you said, missing alot of things that
postfix is looking for which is what postfix is complaining about.

> I guess the quick fix would be to downgrade to slapd 2.0.27-4 but I
> can't find the package with that version. Has anyone got an archive
with
> old packages ?

There's always http://snapshot.debian.net/
(http://snapshot.debian.net/archive/2003/07/10/debian/pool/main/o/openldap2/
appears to have 2.0.27-4 packages).

Reply to:

Follow-Ups:
- Re: slapd upgrade from 2.0.27-4 to 2.1.22-1 is a catastrophe
  - From: "Jean-Marc V. Liotier" <jim@jipo.com>

References:
- slapd upgrade from 2.0.27-4 to 2.1.22-1 is a catastrophe
  - From: "Jean-Marc V. Liotier" <jim@jipo.com>

Prev by Date: Re: Compiling flphoto
Next by Date: Re: Debian/Testing and security updates
Previous by thread: slapd upgrade from 2.0.27-4 to 2.1.22-1 is a catastrophe
Next by thread: Re: slapd upgrade from 2.0.27-4 to 2.1.22-1 is a catastrophe
Index(es):
- Date
- Thread