[Pkg-openldap-devel] r1326 - openldap/trunk/debian
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Mon Sep 13 06:03:17 UTC 2010
tags 596326 pending
thanks
Author: vorlon
Date: 2010-09-13 06:03:05 +0000 (Mon, 13 Sep 2010)
New Revision: 1326
Modified:
openldap/trunk/debian/changelog
openldap/trunk/debian/slapd.postinst
openldap/trunk/debian/slapd.scripts-common
Log:
debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
otherwise is blocked by our added olcAccess settings. Closes: #596326.
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2010-09-13 03:12:19 UTC (rev 1325)
+++ openldap/trunk/debian/changelog 2010-09-13 06:03:05 UTC (rev 1326)
@@ -28,6 +28,9 @@
* debian/slapd.scripts-common: when parsing the names of includes, handle
double-quotes and escape characters as described in slapd.conf(5).
Closes: #595784.
+ * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
+ versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
+ otherwise is blocked by our added olcAccess settings. Closes: #596326.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Modified: openldap/trunk/debian/slapd.postinst
===================================================================
--- openldap/trunk/debian/slapd.postinst 2010-09-13 03:12:19 UTC (rev 1325)
+++ openldap/trunk/debian/slapd.postinst 2010-09-13 06:03:05 UTC (rev 1326)
@@ -42,6 +42,15 @@
# Move to slapd.d configuration style.
migrate_to_slapd_d_style
+ # One-time upgrade fix for olcAccess on cn=Subschema
+ if previous_version_older 2.4.23-5 && previous_version_newer 2.4.23-3 \
+ && [ -e "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif" ] \
+ && ! grep -i 'olcAccess:.*subschema' "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif"
+ then
+ sed -i '/olcAccess: {0}/a\
+olcAccess: {1}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ fi
+
# Enable LDAP protocol v2 support if needed.
configure_v2_protocol_support
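Review bot: The `sed` append keys on the first physical line matching `/olcAccess: {0}/`, so if slapd has since rewritten `olcDatabase={-1}frontend.ldif` with the long `{0}` value folded onto continuation lines (which LDIF permits), the new `{1}` line would land between the value and its continuation and corrupt both ACLs. The same folding could hide an existing Subschema rule from the `grep` guard, and an administrator's own `{1}` entry would be left sharing an index with the inserted one. I would anchor the pattern as `/^olcAccess: {0}/`, skip the edit (with a warning) when the line after the match starts with a space, and use `! grep -qi 'olcAccess:.*subschema' ...` so a match is not echoed into the upgrade output. The surrounding postinst block starts and ends outside this hunk, so any later validation of the edited file is not visible here.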
Modified: openldap/trunk/debian/slapd.scripts-common
===================================================================
--- openldap/trunk/debian/slapd.scripts-common 2010-09-13 03:12:19 UTC (rev 1325)
+++ openldap/trunk/debian/slapd.scripts-common 2010-09-13 06:03:05 UTC (rev 1326)
@@ -137,8 +137,11 @@
SLAPD_CONF=/etc/ldap/slapd.d
# Add olcAccess control to grant cn=localroot,cn=config manage access
- sed -i 's/^\(olcDatabase: {-1}frontend\)/\0\nolcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break/' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
- sed -i 's/^\(olcDatabase: {0}config\)/\0\nolcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break/' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
+ sed -i '/^olcDatabase: {-1}frontend/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
+olcAccess: {1}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ sed -i '/^olcDatabase: {0}config/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
# TODO: Now we are doing something that is not allowed by policy but it
# has to be done.
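Review bot: The comment above the first `sed` still describes only the root manage grant, although the frontend edit now also inserts a world-readable rule for `cn=Subschema`, and nothing explains why the two rules depend on each other. I would extend it to something like `# {0} gives local root (SASL EXTERNAL over ldapi) manage access and ends in "by * break" so evaluation continues; {1} restores read access to cn=Subschema, which our added ACLs otherwise block (#596326).` It is also worth noting in the comment that ordering matters: the `{1}` rule is reached only because `{0}` falls through, so a later edit that changes `by * break` would silently remove schema access again. The enclosing function begins and ends outside this hunk.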