Subject: Re: pkg/34183: openldap-server dies silently on startup after fresh install
To: None <,,,>
From: Christoph Badura <>
List: pkgsrc-bugs
Date: 09/18/2006 20:55:02
The following reply was made to PR pkg/34183; it has been noted by GNATS.

From: Christoph Badura <>
Subject: Re: pkg/34183: openldap-server dies silently on startup after fresh install
Date: Mon, 18 Sep 2006 22:50:32 +0200

 I wasn't aware that you were expecting feedback on the comments you made
 in this message.  Half of them contradict pkgsrc policy and tradition and
 the other half doesn't actually fix the package. 
 On Fri, Aug 11, 2006 at 05:45:01AM +0000, Geert Hendrickx wrote:
 >  > After installing the openldap-server package for the first time on a system
 >  > fails to start without any error messages.
 >  slapd is completely silent by default (like most daemons).  For verbose
 >  output on stderr, try starting it manually with -d debuglevel.
 As I made clear in the following text I wasn't talking about debugging levels
 or stderr but about not logging fatal errors with ERROR or higher syslog
 Also, your claim that most daemons silently fail on fatal errors is false.
 Most daemons complain loudly when they fail.
 >  > - slapd does syslog these errors but it logs them at "local4.debug" instead of
 >  > severity "error" or higher.
 >  That's default slapd behaviour.  If you consider it a bug, take it to the
 >  OpenLDAP developers.  
 It is a well-established pkgsrc tradition that we fix programs in pkgsrc
 and offer the patches upstream, so that they originators can incorporate
 our improvements if they want.  But we don't make our improvments dependend
 on the good-will of the upstream maintainers.
 >  > - also, slapd logs syntax errors in the config files that prevent it from
 >  > starting with severity "debug" instead of "error" or higher.
 >  That's default slapd behaviour.  
 That it is default behaviour is obvious, because I didn't tell it to do so.
 Still, that default is hostile to the people that adminster the software
 and should be fixed in pkgsrc at the very least.
 >  > - slapd fails to start because the permissions on $PKG_SYSCONFDIR/openldap and
 >  > below don't allow slapd to access the files because they aren't group readable.
 >  This dir should be world-readable (755) by default.  Only slapd.conf itself
 >  should be confidential (750 root:ldap).  
 >  > - the file permissions on /var/openldap/openldap-data are wrong, too.
 >  This dir should be created as 700 slapd:ldap.  
 I don't particularly care what the permissions should be. The package
 doesn't set the permissions so that the software actually works.
 That needs to be fixed in the package.