Univention Bugzilla – Bug 31606
various UCR variables may beak slapd.conf
Last modified: 2020-07-03 20:54:32 CEST
It is possible to silently prevent slapd from starting by using comma and whitespace to separate IP addresses in ldap/acl/read/ips. A simple strip() could prevent that from happening: # diff -Nur 70univention-ldap-server_acl-master-end.orig 70univention-ldap-server_acl-master-end --- 70univention-ldap-server_acl-master-end.orig 2013-06-03 10:27:49.000000000 +0200 +++ 70univention-ldap-server_acl-master-end 2013-06-03 10:28:01.000000000 +0200 @@ -142,7 +142,7 @@ ldap_acl_read_anonymous_ips = configRegistry.get('ldap/acl/read/ips') if ldap_acl_read_anonymous_ips: for ip in ldap_acl_read_anonymous_ips.split(','): - print ' by peername.ip=%s read' % ip + print ' by peername.ip=%s read' % ip.strip() else: print ' by * read'
conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head should also be made more robust by using inline Python instead of @%@VARIABLE@%@ (allowing sane fallback values if a variable is unset). Currently slapd won't start if e.g. ldap/debug/level is unset: root@master:~# ucr unset ldap/debug/level Unsetting ldap/debug/level Multifile: /etc/ldap/slapd.conf root@master:~# /etc/init.d/slapd start Check database: ...done. Starting ldap server(s): slapd ...failed. 5225b186 /etc/ldap/slapd.conf: line 64: keyword <loglevel> missing <level> argument slapschema: bad configuration file!.
The same applies for various other options in the slapd.conf template: The variable are set in postinst and referenced with @%@foo@%@. Examples: cachesize @%@ldap/cachesize@%@ idlcachesize @%@ldap/idlcachesize@%@ threads @%@ldap/threads@%@
*** Bug 19768 has been marked as a duplicate of this bug. ***
*** Bug 14877 has been marked as a duplicate of this bug. ***
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.