Bug#877512: Systemd support for slapd

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#877512: Systemd support for slapd

Moritz Muehlenhoff
Package: slapd
Severity: wishlist

The best way to address the root cause for CVE-2017-14159 (which I agree
is minor and doesn't warrant a Debian bug on it's own, it's filed
upstream as  http://www.openldap.org/its/index.cgi?findid=8703 for
reference ) would be to provide a systemd unit for slapd and stop using
a PID altogether.

Cheers,
        Moritz

Reply | Threaded
Open this post in threaded view
|

Bug#877512: [Pkg-openldap-devel] Bug#877512: Systemd support for slapd

Ryan Tandy-4
Control: forwarded -1 http://www.openldap.org/its/index.cgi?findid=8707

On Mon, Oct 02, 2017 at 03:06:02PM +0200, Moritz Muehlenhoff wrote:
>The best way to address the root cause for CVE-2017-14159 (which I agree
>is minor and doesn't warrant a Debian bug on it's own, it's filed
>upstream as  http://www.openldap.org/its/index.cgi?findid=8703 for
>reference ) would be to provide a systemd unit for slapd and stop using
>a PID altogether.

I agree, and there's a patch and unit file currently under review
upstream which I look forward to getting into Debian.

Reply | Threaded
Open this post in threaded view
|

Bug#877512: systemd unit for slapd

Karsten Heymann-5
In reply to this post by Moritz Muehlenhoff
Hi,

any news on this? Having a proper systemd unit for slapd would be quite nice.

Kind regards
Karsten

Reply | Threaded
Open this post in threaded view
|

Bug#877512: [Pkg-openldap-devel] Bug#877512: systemd unit for slapd

Ryan Tandy-4
On Tue, Feb 19, 2019 at 09:27:29AM +0100, Karsten Heymann wrote:
>any news on this? Having a proper systemd unit for slapd would be quite nice.

Not for buster, I'm afraid.

The discussion on adding the systemd code upstream went quiet; I need to
reopen it.

And the current init script has some code in it that I need to figure
out how to replicate in a systemd unit: for example, how to call slapd
with the appropriate -f/-F based on config style, and so on.

Is there a specific issue or limitation you're running into with the
init script? In my experience systemd's init script handling works
pretty well and I haven't really noticed a difference.