[Pkg-openldap-devel] r1329 - openldap/trunk/debian
vorlon at alioth.debian.org
vorlon at alioth.debian.org
Mon Sep 13 06:24:23 UTC 2010
Author: vorlon
Date: 2010-09-13 06:24:21 +0000 (Mon, 13 Sep 2010)
New Revision: 1329
Modified:
openldap/trunk/debian/changelog
openldap/trunk/debian/slapd.init.ldif
openldap/trunk/debian/slapd.scripts-common
Log:
debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2010-09-13 06:16:25 UTC (rev 1328)
+++ openldap/trunk/debian/changelog 2010-09-13 06:24:21 UTC (rev 1329)
@@ -35,6 +35,8 @@
too.
* Likewise, grant access to dn.exact="" so that base dn autodiscovery
works as intended. Closes: #596049.
+ * debian/slapd.init.ldif: synchronize our behavior on new installs with
+ that on upgrades, avoiding the non-standard cn=localroot,cn=config.
[ Matthijs Mohlmann ]
* Remove upgrade_supported_from_backend, implemented patch from
Modified: openldap/trunk/debian/slapd.init.ldif
===================================================================
--- openldap/trunk/debian/slapd.init.ldif 2010-09-13 06:16:25 UTC (rev 1328)
+++ openldap/trunk/debian/slapd.init.ldif 2010-09-13 06:24:21 UTC (rev 1329)
@@ -12,7 +12,6 @@
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
olcToolThreads: 1
-olcAuthzRegexp: gidNumber=[[:digit:]]+\+uidNumber=0,cn=peercred,cn=external,cn=auth cn=localroot,cn=config
# Frontend settings
dn: olcDatabase={-1}frontend,cn=config
@@ -21,9 +20,8 @@
olcDatabase: {-1}frontend
# The maximum number of entries that is returned for a search operation
olcSizeLimit: 500
-# Allow unlimited access to cn=localroot,cn=config which is the dn to which
-# a local connection from the local root user is mapped
-olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * break
+# Allow unlimited access to local connection from the local root user
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
# Allow unauthenticated read access for schema and base DN autodiscovery
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
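Review bot: The new `dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth` rule in the frontend database is narrower than the mapping it replaces. The removed olcAuthzRegexp accepted any `gidNumber=[[:digit:]]+` paired with `uidNumber=0`, so a root process whose peer gid is not 0 now falls through to `by * break` instead of getting `manage`. That may be intended, but the new comment does not say it, and the same applies to the identical rule added to `olcDatabase=config` in the next hunk. I would spell out the scope in both places, for example `# Grant manage to SASL EXTERNAL binds over ldapi:/// whose peer credentials are exactly uid=0 and gid=0`. The rule itself is the only thing tying full write access on every database to local peer credentials, so the comment is a good place to record that dependency.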
@@ -32,9 +30,8 @@
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
-# Allow unlimited access to cn=localroot,cn=config which is the dn to wich a
-# local connection from the local root user is mapped to
-olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
+# Allow unlimited access to local connection from the local root user
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
# Load schemas
Modified: openldap/trunk/debian/slapd.scripts-common
===================================================================
--- openldap/trunk/debian/slapd.scripts-common 2010-09-13 06:16:25 UTC (rev 1328)
+++ openldap/trunk/debian/slapd.scripts-common 2010-09-13 06:24:21 UTC (rev 1329)
@@ -136,7 +136,7 @@
mv ${SLAPD_CONF} ${SLAPD_CONF}.old
SLAPD_CONF=/etc/ldap/slapd.d
- # Add olcAccess control to grant cn=localroot,cn=config manage access
+ # Add olcAccess control to grant local root connections access
sed -i '/^olcDatabase: {-1}frontend/a\
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
olcAccess: {1}to dn.exact="" by * read\
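Review bot: The reworded comment above the `sed -i` call no longer says which privilege is granted, although the inserted rule still gives `manage`, the highest ACL level. Someone auditing the upgrade path would want that stated, for example `# Add olcAccess rule granting manage access to local root (uid 0, gid 0) peercred connections`. The sed expression continues past the end of this hunk, so the remaining inserted rules are not visible here.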