Postfix error "unsupported dictionary type: ldap" - 4.3 upgrade pre-up removes dynamicmaps.cf

tanatos · June 2, 2018, 9:22am

Hi,

I’m using the update LDAP policy to deploy updates to my systems. On my mail server, the Update from UCS 4.2 to 4.3 is correctly withhold because I need to migrate from Cyrus to Dovecot first.

But the pre-up script doing these checks somehow destroys my postfix configuration. Excerpt from /var/log/univention/updater.log:

Custom preupdate script /var/lib/local-preup.sh not found
dpkg: warning: ignoring request to remove univention-config-wrapper which isn't installed
Checking for space on /var/cache/apt/archives: OK
Checking for space on /boot: OK
Checking for space on /: OK
Checking for package status: OK
Checking LDAP schema: OK
Removing /etc/postfix/dynamicmaps.cf. Creating backup in /etc/postfix/dynamicmaps.cf.backup-postfix2.L5AYGDKT.
'/etc/postfix/dynamicmaps.cf' -> '/etc/postfix/dynamicmaps.cf.backup-postfix2.L5AYGDKT'
Not updating ldap/overlay/memberof
ii  univention-mail-cyrus 9.0.0-12A~4.2.0.201705191538 all          UCS - imap configuration
ERROR: The Cyrus integration package was found. Cyrus is not
supported anymore by UCS 4.3. Aborting the upgrade. For instructions how to
proceed, please refer to https://help.univention.com/t/7957
Error: Update aborted by pre-update script of release 4.3-0

The consequence is that incoming mails are spooled by postfix but not delivered to cyrus. Message in mail.err for each mail is:

Jun  2 11:04:44 mailserver postfix/smtpd[18370]: error: unsupported dictionary type: ldap

To get my postfix back working I follow the steps found in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859805:

root@mailserver:~# . /usr/share/postfix/postinst.functions
root@mailserver:~# delmap ldap
grep: /etc/postfix/dynamicmaps.cf: Datei oder Verzeichnis nicht gefunden
root@mailserver:~# addmap ldap
grep: /etc/postfix/dynamicmaps.cf: Datei oder Verzeichnis nicht gefunden
Adding ldap map entry to /etc/postfix/dynamicmaps.cf
root@mailserver:~# service postfix restart

I deactivated the update LDAP policy for this server to keep things working as long as I haven’t migrated to Dovecot. But I think the pre-up script should be checked / improved.

troeder · June 4, 2018, 6:29am

Hello Tanatos,

you are right. The order in the preup script is bad. I have created a bug report, so this can be fixed: http://forge.univention.org/bugzilla/show_bug.cgi?id=47117

Greetings
Daniel Tröder

Moritz_Bunkus · June 4, 2018, 11:23am

Hey,

in addition to the bug Daniel already commented on: you don’t necessarily have to deactivate your policy for updates, you just have to prevent it from updating to 4.3-0 or later. I’ve written an explanation how to achieve this a couple of weeks ago. That way you’ll still receive security updates for 4.2-x, but the update to 4.3-0 isn’t attempted automatically.

Kind regards,
mosu