Bug#765747: RFS: openldap/2.4.40-1 [RC]

To: Ferenc Wagner <wferi@niif.hu>
Cc: 765747@bugs.debian.org
Subject: Bug#765747: RFS: openldap/2.4.40-1 [RC]
From: Ryan Tandy <ryan@nardis.ca>
Date: Sat, 18 Oct 2014 12:10:34 -0700
Message-id: <[🔎] 5442BB2A.7030001@nardis.ca>
Reply-to: Ryan Tandy <ryan@nardis.ca>, 765747@bugs.debian.org
In-reply-to: <[🔎] 87ppdpiv8x.fsf@lant.ki.iif.hu>
References: <[🔎] 544166D8.2010206@nardis.ca> <[🔎] 87ppdpiv8x.fsf@lant.ki.iif.hu>

Hi Ferenc, thank you very much for your comments!

On 18/10/14 02:26 AM, Ferenc Wagner wrote:
> Ryan Tandy <ryan@nardis.ca> writes:
> 
>>      - Invoke find, chmod, and chown with -H in case /var/lib/ldap is a
>>        symlink. (Closes: #742862)
> 
> You mean chgrp, not chmod.

Right. Thanks.

>>    * debian/slapd.README.Debian: Add a note about database format
>>      upgrades and the consequences of missing one. (Closes: #594711)
> 
> "HDB is the recommended database backend."  Is this still so?  Not MDB?

At the time I wrote that, the documentation still recommended hdb. Now
it has indeed changed to mdb. Personally I am still undecided as to
whether Debian should follow right now, or in the next release. It's
certainly the case that only mdb is likely to receive attention and
fixes going forward.

> Maybe the Logging section could mention rsyslog, which is the current
> default system log daemon.  I personally use /etc/rsyslog.d/50-slapd.conf:
> 
>   # Globally turn off rate limiting on the unix socket (mostly slapd logs)
>   $SystemLogRateLimitInterval 0
> 
>   local4.* -/var/log/slapd.log
>   & ~
> 
> with a corresponding logrotate snippet, although it could be done
> another way as well (http://wiki.rsyslog.com/index.php/DailyLogRotation).

Would you be willing to provide a patch against the README for that? I'd
be happy to git-am it.

>>    * debian/slapd.init.ldif:
> 
> Btw: why do you give rigths to the RootDN explicitly?  Doesn't it skip
> all ACL processing anyway?

Good point, again; I hadn't noticed that. In debian/slapd.conf the
rootdn line is commented and we just have the explicit ACLs. I think I
would do the same with slapd.init.ldif, and drop olcRoot{DN,PW}.

> I much hope to see OpenLDAP 2.4.40 in jessie!

Thanks for your support! :)

On 18/10/14 05:36 AM, Ferenc Wagner wrote:
> I backported your package to wheezy and upgraded a machine carrying a
> partial replica.  The upgrade failed, so I added the -s option to the
> slapadd call in the postinst.  Please consider using it.

See #614569. I would like to fix it for jessie, but it might be in a
later upload. I only want to add -s in cases where it's strictly needed,
not in general.

> Btw. is the dump/restore necessary with MDB?  I found no information
> about the format incompatibilities between the various versions.

It's not (details in #750022). I filed #759597 about that. Might or
might not get it fixed for jessie. #614569 and #761406 are both more
important to me; this is annoying but doesn't break anything (AFAIK).

thanks,
Ryan

Reply to:

Follow-Ups:
- Bug#765747: RFS: openldap/2.4.40-1 [RC]
  - From: Ferenc Wagner <wferi@niif.hu>

References:
- Bug#765747: RFS: openldap/2.4.40-1 [RC]
  - From: Ryan Tandy <ryan@nardis.ca>
- Bug#765747: RFS: openldap/2.4.40-1 [RC]
  - From: Ferenc Wagner <wferi@niif.hu>

Prev by Date: Bug#765747: RFS: openldap/2.4.40-1 [RC]
Next by Date: Bug#765860: RFS: lxqt-config/0.8.0-1 [ITP: #747597]
Previous by thread: Bug#765747: RFS: openldap/2.4.40-1 [RC]
Next by thread: Bug#765747: RFS: openldap/2.4.40-1 [RC]
Index(es):
- Date
- Thread