Ubuntu
openldap package

ldap server restore failed during upgrade to jaunty

Bug #371023 reported by MarianoAbsatz
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

I was doing a release upgrade on a remote server (actually a kvm virtual machine within a remote server).

The virtual machine is only an openldap server with very few packages installed (was created with vmbuilder).

During the update it asked about keeping my modified configuration or installing the mantainer's. Since I had extensively modified the default configuration I opted to keep mine.

It did backup the configuration, but couldn't restore it.

My guess is that this is because, rather than the new cn=config directory type of configuration, I'm using the old slapd.conf method, when the upgrade couldn't find the slapd.d/cn=config directory in the backup, it messed everything up.

Revision history for this message
MarianoAbsatz (el-baby) wrote :
Revision history for this message
MarianoAbsatz (el-baby) wrote :
Download full text (4.0 KiB)

Some more info. The following was the output I saw in my terminal which helped me to fix the server (fix in next comment):

Configuration file `/etc/default/slapd'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
      D : show the differences between the versions
      Z : background this process to examine the situation
 The default action is to keep your current version.
*** slapd (Y/I/N/O/D/Z) [default=N] ? n
Installing new version of config file /etc/init.d/slapd ...
  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.4.11-0ubuntu6.1... done.
  Moving old database directories to /var/backups:
  - directory o=cejil... done.
  Loading from /var/backups/slapd-2.4.11-0ubuntu6.1:
  - directory o=cejil... failed.

Loading the database from the LDIF dump failed with the following
error while running slapadd:
    ldif_read_file: Not a directory for "/etc/ldap/slapd.conf/cn=config.ldif"
    slapadd: bad configuration directory!
dpkg: error processing slapd (--configure):
 subprocess post-installation script returned error exit status 1
Setting up libclass-accessor-perl (0.31-2) ...
Setting up libio-string-perl (1.08-2) ...
Setting up libtimedate-perl (1.1600-9) ...
Setting up libparse-debianchangelog-perl (1.1.1-2ubuntu1) ...
Setting up ubuntu-minimal (1.140) ...
Setting up grub (0.97-29ubuntu53) ...
Installing new version of config file /etc/kernel/prerm.d/last-good-boot ...

Setting up linux-image-server (2.6.28.11.15) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place
Processing triggers for python-support ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-2.6.28-11-server
Errors were encountered while processing:
 slapd

Could not install the upgrades

The upgrade is now aborted. Your system could be in an unusable
state. A recovery will run now (dpkg --configure -a).

Please report this bug against the 'update-manager' package and
include the files in /var/log/dist-upgrade/ in the bug report.
E:Sub-process /usr/bin/dpkg returned an error code (1)

Setting up slapd (2.4.15-1ubuntu3) ...
  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.4.11-0ubuntu6.1... done.
  Moving old database directories to /var/backups:
  Loading from /var/backups/slapd-2.4.11-0ubuntu6.1:
  - directory o=cejil... failed.

Loading the database from the LDIF dump failed with the following
error while running slapadd:
    ldif_read_file: Not a directory for "/etc/ldap/slapd.conf/cn=config.ldif"
    slapadd: bad configuration directory!
dpkg: error processing slapd (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 slapd

Upgrade complete

The upgrade has completed but there were errors during the upgrade
process.

Could not install the upgrades

The upgrade is now aborted. Your system could be in an unusable
state. A recovery will run now (dpkg --configure -a).
...

Read more...

Revision history for this message
MarianoAbsatz (el-baby) wrote :

This is how I fixed it:

# erase the wrong data that the failed restore left behind:
sudo rm /var/lib/ldap/o=cejil/*
# copy default DB_CONFIG
sudo cp -v /usr/share/slapd/DB_CONFIG /var/lib/ldap/o=cejil
# restore from the backup
sudo slapadd -b o=cejil < /var/backups/slapd-2.4.11-0ubuntu6.1/o\=cejil.ldif
sudo chown -vR openldap.openldap /var/lib/ldap

# start the server again
sudo invoke-rc.d slapd start

Revision history for this message
MarianoAbsatz (el-baby) wrote :

Maybe the updater can be made a little smarter so that it knows about slapd.conf as well as slapd.d?

Revision history for this message
MarianoAbsatz (el-baby) wrote :

Well... now that I see it, it is not quite clean... how can I clean this up?:

$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-image-virtual
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? Y
Setting up slapd (2.4.15-1ubuntu3) ...
  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.4.11-0ubuntu6.1... done.
  Moving old database directories to /var/backups:

  Backup path /var/backups/o=cejil-2.4.11-0ubuntu6.1.ldapdb exists. Giving up...
dpkg: error processing slapd (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)

Revision history for this message
MarianoAbsatz (el-baby) wrote :

Well,

I think I solved it... it had to do with apparmor.

I had completely removed apparmor in intrepid and slapd was reading schema files from a location outside /etc/ldap (which I had configured myself).

I don't know if in jaunty the apparmor kernelspace is built into the kernel rather than as a module, but I wasn't able to get slapd running the way I wanted by simply removing apparmor as I did before...

So I finally installed apparmor-utils and learned the minimum about aa-complain / aa-enforce to get it running...

Maybe update-manager can be made smart enough so that if apparmor wasn't installed in the system, it puts all the profiles in complain mode?

If Intrepid is the last release where apparmor was kinda optional, then this is bound to happen again in the next LTS-LTS update (from Hardy to 10.04?).

Michael Vogt (mvo)
affects: update-manager (Ubuntu) → openldap (Ubuntu)
Revision history for this message
Chuck Short (zulcss) wrote :

This bug report is being closed due to your last comment regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status. Thank you again for taking the time to report this bug and helping to make Ubuntu better. Please submit any future bugs you may find.

Changed in openldap (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.