Debian
openldap package

conf.d directory not a configuration directory

Bug #667597 reported by Will Dowling
30
This bug affects 3 people
Affects Status Importance Assigned to Milestone
openldap (Debian)
New
Unknown
openldap (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

# cat /etc/issue
Ubuntu 10.04.1 LTS \n \l

# apt-cache policy slapd
slapd:
  Installed: 2.4.21-0ubuntu5.3
  Candidate: 2.4.21-0ubuntu5.3
  Version table:
 *** 2.4.21-0ubuntu5.3 0
        500 ftp://10.1.4.17/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
     2.4.21-0ubuntu5.2 0
        500 ftp://10.1.4.17/ubuntu/ lucid-security/main Packages
     2.4.21-0ubuntu5 0
        500 ftp://10.1.4.17/ubuntu/ lucid/main Packages

PROBLEM DESCRIPTION:

The slapd package deploys the cn=config directory /etc/ldap/slapd.d/cn=config

Howard Chu, Chief Architect of the OpenLDAP project has publicly stated that the slapd.d directory is a configuration DATABASE and is not user-editable[1].

The placement of this configuration database under /etc/ violates the Debian Filesystem Hierarchy Standard v2.3 [2] to which Ubuntu also adheres [3].

This is confusing for administrators migrating to the new cn=config and can lead them to editing the database directly, which is not documented nor intended.

SUGGESTED FIX:
    * Ensure that slapd creates the configuration database somewhere under /var/lib
    * Ensure that the slapd package's postinst does not modify the configuration database directly
    * Ensure that the /etc/default/slapd file sets the SLAPD_CONF variable to the new location of the configuration database

NOTES:

This may need to be reported to the upstream Debian maintainers, however it is my understanding that lenny still uses slapd.conf (and I have not had time to test an unstable/testing box or inspect the source package, yet).

[1] http://www.openldap.org/lists/openldap-technical/201009/msg00023.html
[2] http://www.debian.org/doc/packaging-manuals/fhs/fhs-2.3.html
[3] http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/ch-opersys.html#s-fhs

Mathias Gug (mathiaz)
Changed in openldap (Ubuntu):
importance: Undecided → Medium
Abhishek kumar singh (abhishekkumarsingh-cse)
Changed in openldap (Ubuntu):
assignee: nobody → Abhishek kumar singh (abhishekkumarsingh-cse)
status: New → In Progress
Bug Watch Updater (bug-watch-updater)
Changed in openldap (Debian):
status: Unknown → New
Ryan Tandy (rtandy)
Changed in openldap (Ubuntu):
assignee: Abhishek kumar singh (abhishekkumarsingh-cse) → nobody
status: In Progress → Confirmed
Revision history for this message
Joshua Powers (powersj) wrote :

In zesty it appears the location is still the same:

# Default location of the slapd.conf file or slapd.d cn=config directory. If
# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
# /etc/ldap/slapd.conf).

Someone with more familiarity might be able to comment, but still need to look into the postinst to see if things are modified or not.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.