search

ltb-project / openldap-deb

Debian packages for OpenLDAP
http://ltb-project.org/wiki/documentation/openldap-deb
GNU General Public License v3.0
14 stars 13 forks source link

postinst script does not use config directory location from slapd-cli.conf, re-provisions default configuration template unconditionally on upgrade #94

Closed jubalfh closed 1 year ago

jubalfh commented 1 year ago

hey,

i'm not sure how to qualify this one, so let me just go with a description:

so this is basically a minor annoyance: the postinst script does a check for existence of config directory in the slapd-cli.conf, BUT uses the value of LDAPCONFDIR as defined in vars file.

what happens afterwards is that when a non-standard config directory for cn=config is used, the postinst script unconditionally re-creates the default config directory and reprovisions it with a default template on upgrade. (i guess using a non-standard directory name is not something you expected your users to do…)

this brings also an another question: would you be amenable to allowing the package to not do any initial configuration after install/upgrade at all? say, via low priority debconf question with a default setting being the current behaviour? if you prefer i can open a separate wishlist issue just for that.

davidcoutadeur commented 1 year ago

I suppose "postinst script does not use config directory location from slapd-cli.conf" seems to be a bug we should fix. We are going to give a look at this point.

The current behaviour is to import a default configuration for a fresh install, or for a previous installation with an empty config directory. But you shouldn't notice any default config deployment when one is already in place. Is that what you mean?

jubalfh commented 1 year ago

yup, pretty much

i'm modifying the slapd-cli's config file rather extensively and decided to nuke the initial config anyways; for reasons not entirely clear to me right now i thought that removing the original dir (slapd.d) and using a custom config directory name (config.d) would be easier to manage, and thus i managed to find the issue.

ideally, i'd have a way to dispose with initial configuration provisioning on package install through mechanism like preseeding, but i do understand it's not what most users need – and i can work around it.

davidcoutadeur commented 1 year ago

Actually, I think importing a default data ldif template should be done only at initial installation. Currently, this is not checked.

We have all we need to check this in postinst script, so this will be fixed in next release.

davidcoutadeur commented 1 year ago

Done in bf9a82c and d555a85

@jubalfh I think it should solve your initial issue, doesn't it?

davidcoutadeur commented 1 year ago

Integrated in new releases 2.5.14 and 2.6.4