Univention Bugzilla – Bug 55998
Make inclusion of ppolicy.schema configurable for the upgrade to OpenLDAP 2.5
Last modified: 2024-03-08 10:51:25 CET
During upgrade of openldap the preinst migrates the database and postinst restarts slapd. (afair). During this short time period we need to include '/etc/ldap/schema/ppolicy.schema.dpkg-remove' in the slapd.conf so that the UCS 5.2 upgrade doesn't fail.
The ppolicy schema was an external file, included in the slapd.conf in 5.0/5.1. In 5.2 it became built into slapd. That means, that during upgrade, we need to remove the ppolicy.schema file from the slapd conf in the exact right moment. If it's removed too early slapd won't start because the schema for some attributes is missing, If it's removed too late, it won't start because of duplicate schema, or because the schema file doesn't exist. This is further complicated, because during this upgrade, the whole LDAP database and configuration is dumped and reimported. And the ppolicy.schmema is removed in the maintscript. The maintscript moves the file to /etc/ldap/schema/ppolicy.schema.dpkg-remove in the first step. At this time though, the file is still needed, because slapd is restarted during the upgrade as well. We patched the slapd.conf template to include /etc/ldap/schema/ppolicy.schema.dpkg-remove if it exists in that moment. The patch is in branch preview/5.1 only, because the univention-ldap package pre-depends to slapd, which means that during upgrade of slapd, the slapd.conf from 5.1 is used. We also patched the slapd postinst to commit the slapd conf at the perfect time. ucs-patches: 263fb96f2c0690966672cd21e3e4dcc79fe848bb Bug #55833: commit slapd.conf before (re-)starting slapd ucs: (preview/5.1) 207e041dd3b582c5a5fc985e9c159e3e2bf8b1fc fix(ldap): Make include of ppolicy.schema optional so that we can remove it in UCS 5.2
LGTM.
*** Bug 56909 has been marked as a duplicate of this bug. ***
univention-ldap (18.0.1) 88e033f7a1e3 | fix(ldap): ppolicy.schema can be removed in 5.2 univention-ldap (17.0.4) 1162a57e821b | fix(ldap): always enable ppolicy module because it provides the schema necessary to create our internal entries 1dfd1580daf1 | fix(ldap): make include of ppolicy.schema optional so that we can remove it in UCS 5.2 ucs-test (11.0.4) 1162a57e821b | fix(ldap): always enable ppolicy module because it provides the schema necessary to create our internal entries