wrong permissions to access ldapi

Bug #257667 reported by Javier Uruen Val
Affects | Status | Importance | Assigned to | Milestone
openldap (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

Binary package hint: slapd

Source: openldap_2.4.11-0ubuntu1

Release: 8.10

Version: 2.4.11-0ubuntu1

Unless I'm missing something, if slapd is configured to place its unix socket within /var/run/slapd (which is usual), processes won't be able to connect to the socket due to the directory's permissions.

Javier Uruen Val (juruen) wrote :
Mathias Gug (mathiaz) wrote :

Thanks for your bug report. Your debdiff doesn't work as expected as /var/run is a tmpfs directory and is recreated every time the system is booted.

Moreover, according to the init script /etc/init.d/slapd, the symlink is there to maintain backward compatibility with openldap 2.1 client libraries:

    # Backward compatibility with OpenLDAP 2.1 client libraries.
    if [ ! -h /var/run/ldapi ] && [ ! -e /var/run/ldapi ] ; then
        ln -s slapd/ldapi /var/run/ldapi
    fi

Changed in openldap:
importance: Undecided → Medium
status: New → Confirmed
Javier Uruen Val (juruen) wrote :

Hi Mathias,

Thanks for taking care of this.

Yes, /var/run is recreated every time the system is booted, but that's fine because /etc/init.d/slapd does the work ok:

    # Make sure the pidfile directory exists with correct permissions
    piddir=`dirname "$SLAPD_PIDFILE"`
    if [ ! -d "$piddir" ]; then
            mkdir -p "$piddir"
            [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$piddir"
            [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$piddir"
    fi

So, as there's no umask, the permissions for $piddir will be fine.

The issue comes up between the first time the package is installed and the first boot. That's what my debdiff tries to address.

Mathias Gug (mathiaz) wrote :

You are right Javier.

However, I'd suggest always fixing the permissions in the init script just after the ownership is set. It's simpler.

Changed in openldap:
status: Confirmed → Triaged
milestone: none → ubuntu-8.10-beta
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.11-0ubuntu4

---------------
openldap (2.4.11-0ubuntu4) intrepid; urgency=low

  * debian/slapd.postinst, debian/slapd.script-common: set correct ownership
    and permissions on /var/lib/ldap, /etc/ldap/slapd.d (group readable) and
    /var/run/slapd (world readable). (LP: #257667).
  * debian/slapd.script-common:
    - Fix package reconfiguration:
      + Remove slapd.d/ directory if it already exists when creating a new
        configuration.
      + Fix backup directory naming for multiple reconfiguration.

 -- Mathias Gug <email address hidden> Wed, 24 Sep 2008 21:01:42 -0400

Changed in openldap:
status: Triaged → Fix Released
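
The directory check and the fix discussed in this thread, as an added example that is not code from the slapd package: `first_blocked_dir` reports which directory on the way to the ldapi socket lacks search permission for other users, and `prepare_run_dir` follows the quoted init-script block with the mode set on every run. The function names, the 0755 mode and the scratch directory tree are assumptions made for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not part of the slapd package; function names are hypothetical.

# Print the outermost directory between $2 (default /) and the socket path $1
# that other users cannot search (no o+x).
# Returns 0 if none is blocked, 1 if one is, 2 if stat fails.
first_blocked_dir() {
    dir=$(dirname "$1"); stop=${2:-/}; blocked=""
    while [ "$dir" != "$stop" ]; do
        mode=$(stat -c %a "$dir") || return 2    # GNU stat, octal mode
        case "$mode" in
            *[1357]) ;;                          # last digit odd: o+x is set
            *) blocked=$dir ;;                   # keep walking up, remember it
        esac
        case "$dir" in /|.) break ;; esac        # nothing above to inspect
        dir=$(dirname "$dir")
    done
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}

# Same steps as the init-script block quoted in the thread, with the mode set
# explicitly after the ownership on every run, so the result does not depend
# on how or when the directory was first created.
prepare_run_dir() {
    piddir=$1
    [ -d "$piddir" ] || mkdir -p "$piddir"
    [ -z "${SLAPD_USER:-}" ] || chown -R "$SLAPD_USER" "$piddir"
    [ -z "${SLAPD_GROUP:-}" ] || chgrp -R "$SLAPD_GROUP" "$piddir"
    chmod 0755 "$piddir"    # assumed mode for "world readable"
}

# Constructed demo in a scratch tree (no real /var/run is touched): create
# run/slapd with a restrictive mode, check it, repair it, check again.
# Prints "<blocked before>|<blocked after>", relative to the scratch root.
demo() {
    root=$(mktemp -d)
    ( umask 077; mkdir -p "$root/run/slapd" )    # both directories end up 0700
    chmod 0755 "$root/run"
    before=$(first_blocked_dir "$root/run/slapd/ldapi" "$root") || true
    prepare_run_dir "$root/run/slapd"
    after=$(first_blocked_dir "$root/run/slapd/ldapi" "$root") || true
    rm -rf "$root"
    printf '%s|%s\n' "${before#"$root"}" "${after#"$root"}"
}

demo
```
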