[Pkg-openldap-devel] r1328 - openldap/trunk/debian
vorlon at alioth.debian.org
Mon Sep 13 06:16:37 UTC 2010
tags 596049 pending
thanks
Author: vorlon
Date: 2010-09-13 06:16:25 +0000 (Mon, 13 Sep 2010)
New Revision: 1328
Modified:
openldap/trunk/debian/changelog
openldap/trunk/debian/slapd.init.ldif
openldap/trunk/debian/slapd.postinst
openldap/trunk/debian/slapd.scripts-common
Log:
Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2010-09-13 06:07:33 UTC (rev 1327)
+++ openldap/trunk/debian/changelog 2010-09-13 06:16:25 UTC (rev 1328)
@@ -33,6 +33,8 @@
otherwise is blocked by our added olcAccess settings. Closes: #596326.
* debian/slapd.init.ldif: set the acl in the default LDIF for new installs,
too.
+ * Likewise, grant access to dn.exact="" so that base dn autodiscovery
+ works as intended. Closes: #596049.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
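Review bot: the new changelog entry opens with "Likewise" and names no files, so it only makes sense when read directly after the entry above it. The preceding entry starts with "debian/slapd.init.ldif:"; following that style and listing debian/slapd.init.ldif, debian/slapd.postinst and debian/slapd.scripts-common would make clear that the rule is added for new installs and for upgrades.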
Modified: openldap/trunk/debian/slapd.init.ldif
===================================================================
--- openldap/trunk/debian/slapd.init.ldif 2010-09-13 06:07:33 UTC (rev 1327)
+++ openldap/trunk/debian/slapd.init.ldif 2010-09-13 06:16:25 UTC (rev 1328)
@@ -21,10 +21,12 @@
olcDatabase: {-1}frontend
# The maximum number of entries that is returned for a search operation
olcSizeLimit: 500
-# Allow unlimited access to cn=localroot,cn=config which is the dn to wich a
-# local connection from the local root user is mapped to
-olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
-olcAccess: to dn.base="cn=Subschema" read by *
+# Allow unlimited access to cn=localroot,cn=config which is the dn to which
+# a local connection from the local root user is mapped
+olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * break
+# Allow unauthenticated read access for schema and base DN autodiscovery
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
# Config db settings
dn: olcDatabase=config,cn=config
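Review bot: the comment above `olcAccess: {1}to dn.exact="" by * read` should state that this rule makes the whole root DSE entry readable without authentication, not only the naming contexts that base DN autodiscovery relies on. As written, "schema and base DN autodiscovery" covers rules {1} and {2} together, and an administrator tightening the default ACLs cannot tell which rule serves which purpose or what each one exposes. One comment line per rule would fix that.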
Modified: openldap/trunk/debian/slapd.postinst
===================================================================
--- openldap/trunk/debian/slapd.postinst 2010-09-13 06:07:33 UTC (rev 1327)
+++ openldap/trunk/debian/slapd.postinst 2010-09-13 06:16:25 UTC (rev 1328)
@@ -48,7 +48,8 @@
&& ! grep -i 'olcAccess:.*subschema' "$SLAPD_CONF/cn=config/olcDatabase={-1}frontend.ldif"
then
sed -i '/olcAccess: {0}/a\
-olcAccess: {1}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+olcAccess: {1}to dn.exact="" by * read\
+olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
fi
# Enable LDAP protocol v2 support if needed.
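Review bot: the guard before the sed, `! grep -i 'olcAccess:.*subschema'`, still tests only for the Subschema rule, so a frontend.ldif that already received the `{1}to dn.base="cn=Subschema"` line from the previous revision of this script is skipped and never gets the new dn.exact="" rule. Test for the dn.exact="" rule on its own and insert it when it is missing, independent of whether the Subschema rule is present. The inserted lines also hard-code {1} and {2}; if the file already holds entries with those indices, the result has duplicate indices, so check for that or renumber.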
Modified: openldap/trunk/debian/slapd.scripts-common
===================================================================
--- openldap/trunk/debian/slapd.scripts-common 2010-09-13 06:07:33 UTC (rev 1327)
+++ openldap/trunk/debian/slapd.scripts-common 2010-09-13 06:16:25 UTC (rev 1328)
@@ -139,7 +139,8 @@
# Add olcAccess control to grant cn=localroot,cn=config manage access
sed -i '/^olcDatabase: {-1}frontend/a\
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
-olcAccess: {1}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+olcAccess: {1}to dn.exact="" by * read\
+olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
sed -i '/^olcDatabase: {0}config/a\
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
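Review bot: the two-line ACL text added to this sed call is the same literal now added in debian/slapd.postinst, and the same two rules appear a third time in debian/slapd.init.ldif. Defining the rules once in this common file (a variable or small function) and using that from the postinst would keep the copies from drifting the next time a rule or an index changes. Note also that the {0} rule here grants manage to gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth while the init LDIF uses cn=localroot,cn=config; a comment saying why the two differ would help.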