conf.d directory not a configuration directory

Bug #667597 reported by Will Dowling
This bug affects 3 people
Affects Status Importance Assigned to Milestone
openldap (Debian)
openldap (Ubuntu)

Bug Description

# cat /etc/issue
Ubuntu 10.04.1 LTS \n \l

# apt-cache policy slapd
  Installed: 2.4.21-0ubuntu5.3
  Candidate: 2.4.21-0ubuntu5.3
  Version table:
 *** 2.4.21-0ubuntu5.3 0
        500 lucid-updates/main Packages
        100 /var/lib/dpkg/status
     2.4.21-0ubuntu5.2 0
        500 lucid-security/main Packages
     2.4.21-0ubuntu5 0
        500 lucid/main Packages


The slapd package deploys the cn=config directory /etc/ldap/slapd.d/cn=config

Howard Chu, Chief Architect of the OpenLDAP project has publicly stated that the slapd.d directory is a configuration DATABASE and is not user-editable[1].

The placement of this configuration database under /etc/ violates the Debian Filesystem Hierarchy Standard v2.3 [2] to which Ubuntu also adheres [3].

This is confusing for administrators migrating to the new cn=config and can lead them to editing the database directly, which is not documented nor intended.

    * Ensure that slapd creates the configuration database somewhere under /var/lib
    * Ensure that the slapd package's postinst does not modify the configuration database directly
    * Ensure that the /etc/default/slapd file sets the SLAPD_CONF variable to the new location of the configuration database


This may need to be reported to the upstream Debian maintainers, however it is my understanding that lenny still uses slapd.conf (and I have not had time to test an unstable/testing box or inspect the source package, yet).


Mathias Gug (mathiaz)
Changed in openldap (Ubuntu):
importance: Undecided → Medium
Changed in openldap (Ubuntu):
assignee: nobody → Abhishek kumar singh (abhishekkumarsingh-cse)
status: New → In Progress
Changed in openldap (Debian):
status: Unknown → New
Ryan Tandy (rtandy)
Changed in openldap (Ubuntu):
assignee: Abhishek kumar singh (abhishekkumarsingh-cse) → nobody
status: In Progress → Confirmed
Revision history for this message
Joshua Powers (powersj) wrote :

In zesty it appears the location is still the same:

# Default location of the slapd.conf file or slapd.d cn=config directory. If
# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
# /etc/ldap/slapd.conf).

Someone with more familiarity might be able to comment, but still need to look into the postinst to see if things are modified or not.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.