Re: [Bug 463684] Re: openldap sections in ubuntu server guide not updated for packages in karmic

2010-02-22 Thread Adrian Custer 
Yes,

the current situation sucks. Unfortunately, it cannot all be laid at the
feet of Ubuntu. Like you, I spent a good week in a maze of twisty
passages where nothing worked. Then, painfully, I emerged from that mess
over a few weeks to get a working system.

The core issue is that LDAP has moved on while most of the available
documentation has not. Almost all the search accessible documentation is
based on the venerable 'slapd.conf' but OpenLDAP has moved to an
embedded Db. So, like an anthropologist, one has to sift through the
docs and try to figure out what is still relevant and what no longer
works. It's a hard slog. The #openldap irc channels sometimes helps.

Then, there's Ubuntu which silently transitioned from the older system
to the newer one without really considering the consequences for the
newbies like me who were getting their first dose of LDAP in the middle
of the transition. Ubuntu doesn't have infinite resources and made the
code transition without having the documenters who could at least put up
the flags warning that 'here be monsters'. Fixing it though, requires a
good documentation writer who will take on the task of writing a really
decent chapter. In itself, that's a couple of weeks of work.
Unfortunately, the cost of figuring things out takes so much time that
there's none left to 'volunteer' to fix the docs. (And my Gnumeric
manual is ever waiting for my spare documenter cycles.) So it never gets
fixed---such goes life in the collaborosphere.

So, good luck to you with your next distribution. You now also know that
newer LDAPs are working differently from the way things used to work so
you have a leg up when installing that.

all the best,
--adrian

On Mon, 2010-02-22 at 01:36 +, murray wrote:
 I am sick of this.
 
 I have spent the last 4 days upgrading, installing, uninstalling trying
 really hard to get OpenLDAP to work on Ubuntu but I am just now giving
 up.
 
 For those who care to listen there are some reasons:
 
 1. I originally had it working on Edgy but when I went to test some
 stuff on Friday it was no longer working.  Plus I thought it was
 probably time for an update...
 
 2. The update had some moments but I eventually arrived at Karmic but
 along the way my slapd.conf wouldn't upgrade.
 
 3. No worries, I'll remove and install the package again.  Really really
 bad decision.
 
 4. The installation wouldn't work because the remove wouldn't delete the
 slapd.conf.  The remove was failing as was the install. I eventually
 deleted the slapd.conf manually so the remove and install would then
 work.  I was surprised that a new slapd.conf was never created.
 
 5. The configuration script asks just 3 questions when it clearly should
 be asking a whole lot more.  Nobody seems to know why it's not asking
 more but they think the documentation should be updated to reflect that
 the configuration will only ask 3 questions.  Duh!
 
 6. More googling and I found a step by step to getting the ldap server
 working.  Well, at least there were steps but I couldn't get them to
 work.  I needed some Berkeley database which I couldn't find anywhere,
 and I looked for other packages that utilised this bdb and tried
 installing them - I don't know if the database arrived or not but the
 LDAP script still failed with some error about the database, I think it
 was error (80) - really cool messages.  So my ldap server is like a
 beached whale without this database I thought that was what pre-
 requisites were for
 
 7. None of the ldapadd scripts worked and now the problems are just
 adding up...
 
 Wouldn't it be nice to have a piece of software that would load, provide
 some configuration options and then you could use a tool like
 LDAPExplorerTool2  to do the loading and searching functions.
 
 I'm a developer and my application operates as an LDAP client - I don't
 want to learn all of the intricacies of the LDAP server in order to test
 my application.  I want just the basics operating so I can test my app
 with a couple of use cases.
 
 I'm now completely turned off Ubuntu and will be heading off to another
 Linux derivative.
 
 Good bye.
 Murray


-- 
openldap sections in ubuntu server guide not updated for packages in karmic
https://bugs.launchpad.net/bugs/463684
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 463684] Re: openldap sections in ubuntu server guide not updated for packages in karmic

2009-12-08 Thread Adrian Custer 
Hey Julián,

Thanks for doing that work. I have not had time to read your edits on
doc.ubuntu.com in detail yet, but want to add an issue worth mentioning
in these pages.

If one tries to create a second branch on the DIT, openldap wants to
store that in a separate backend. If we want to do this next to the
initial backend, on /var/lib/ldap2/ for example, then apparmor kicks in
to block slapd from writing to a directory it has not been authorized to
hit. The error message generated by openldap does not prove very helpful
---I was only saved by finding a message on the subject on the web.

It would be useful to mention that apparmour might become an issue for
any expansion of the DIT to a second backend. It would also be elegant
to explain how to modify apparmour correctly to allow this second
backend but that's getting far afield so I could understand mentioning
the issue and moving on. I personally hacked my apparmour quick and
dirty but am not working on a production server.

cheers, --adrian

-- 
openldap sections in ubuntu server guide not updated for packages in karmic
https://bugs.launchpad.net/bugs/463684
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 493100] [NEW] init.d/slapd script reports an error message that could be improved.

2009-12-06 Thread Adrian Custer 
Public bug reported:

The end of the slapd script reports an error if there 'was no'
configuration files in /etc/ldap/slapd.d/ by equating 'fail to read'
with 'does not exist'. However 'fail to read' could be due to permission
issues such as a regular user calling /etc/init.d/slapd.

The error should be adjusted to reflect this is a 'fail to read' issue
which *may* be due to : 'does not exist' or to 'could not access'.

The error message could simply be expanded to include the possibility
that the user did not have access rights, or the script could be
improved to determine if that is the case and report a separate error.

thanks,
--adrian

I suspect the issue is general to all ubuntu install scripts but, if needed: 
  Karmic 9.10 Amd-64
  slapd 2.4.18-0ubuntu1 (openldap)

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

-- 
init.d/slapd script reports an error message that could be improved.
https://bugs.launchpad.net/bugs/493100
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs