[Pkg-openldap-devel] r1329 - openldap/trunk/debian

vorlon at alioth.debian.org vorlon at alioth.debian.org
Mon Sep 13 06:24:23 UTC 2010


Author: vorlon
Date: 2010-09-13 06:24:21 +0000 (Mon, 13 Sep 2010)
New Revision: 1329

Modified:
   openldap/trunk/debian/changelog
   openldap/trunk/debian/slapd.init.ldif
   openldap/trunk/debian/slapd.scripts-common
Log:
debian/slapd.init.ldif: synchronize our behavior on new installs with
that on upgrades, avoiding the non-standard cn=localroot,cn=config.

Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog	2010-09-13 06:16:25 UTC (rev 1328)
+++ openldap/trunk/debian/changelog	2010-09-13 06:24:21 UTC (rev 1329)
@@ -35,6 +35,8 @@
     too.
   * Likewise, grant access to dn.exact="" so that base dn autodiscovery
     works as intended.  Closes: #596049.
+  * debian/slapd.init.ldif: synchronize our behavior on new installs with
+    that on upgrades, avoiding the non-standard cn=localroot,cn=config.
 
   [ Matthijs Mohlmann ]
   * Remove upgrade_supported_from_backend, implemented patch from

Modified: openldap/trunk/debian/slapd.init.ldif
===================================================================
--- openldap/trunk/debian/slapd.init.ldif	2010-09-13 06:16:25 UTC (rev 1328)
+++ openldap/trunk/debian/slapd.init.ldif	2010-09-13 06:24:21 UTC (rev 1329)
@@ -12,7 +12,6 @@
 # The tool-threads parameter sets the actual amount of cpu's that is used
 # for indexing.
 olcToolThreads: 1
-olcAuthzRegexp: gidNumber=[[:digit:]]+\+uidNumber=0,cn=peercred,cn=external,cn=auth cn=localroot,cn=config
 
 # Frontend settings
 dn: olcDatabase={-1}frontend,cn=config
@@ -21,9 +20,8 @@
 olcDatabase: {-1}frontend
 # The maximum number of entries that is returned for a search operation
 olcSizeLimit: 500
-# Allow unlimited access to cn=localroot,cn=config which is the dn to which
-# a local connection from the local root user is mapped
-olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * break
+# Allow unlimited access to local connection from the local root user
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
 # Allow unauthenticated read access for schema and base DN autodiscovery
 olcAccess: {1}to dn.exact="" by * read
 olcAccess: {2}to dn.base="cn=Subschema" by * read
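Review bot: The new comment above `olcAccess: {0}` no longer says where the DN comes from or how narrowly it matches, and the same applies to the identical comment in the `olcDatabase=config` hunk below. The removed `olcAuthzRegexp` accepted any `gidNumber` together with `uidNumber=0`, whereas `dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth` matches only a peer whose uid and gid are both 0. A root process running under another group would therefore presumably fall through to `by * break`. Because this rule grants `manage` on `*`, I would spell that out, e.g. `# Grant manage to uid 0/gid 0 peers authenticated via SASL EXTERNAL (peercred, i.e. the ldapi:// socket)` followed by `# Root processes with a non-zero gid are not matched by this rule.`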
@@ -32,9 +30,8 @@
 dn: olcDatabase=config,cn=config
 objectClass: olcDatabaseConfig
 olcDatabase: config
-# Allow unlimited access to cn=localroot,cn=config which is the dn to wich a
-# local connection from the local root user is mapped to
-olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
+# Allow unlimited access to local connection from the local root user
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
 olcRootDN: cn=admin,cn=config
 
 # Load schemas

Modified: openldap/trunk/debian/slapd.scripts-common
===================================================================
--- openldap/trunk/debian/slapd.scripts-common	2010-09-13 06:16:25 UTC (rev 1328)
+++ openldap/trunk/debian/slapd.scripts-common	2010-09-13 06:24:21 UTC (rev 1329)
@@ -136,7 +136,7 @@
 		mv ${SLAPD_CONF} ${SLAPD_CONF}.old
 		SLAPD_CONF=/etc/ldap/slapd.d
 
-		# Add olcAccess control to grant cn=localroot,cn=config manage access
+		# Add olcAccess control to grant local root connections access
 		sed -i '/^olcDatabase: {-1}frontend/a\
 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
 olcAccess: {1}to dn.exact="" by * read\
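Review bot: The reworded comment drops the access level, although the `olcAccess: {0}` line it describes still grants `manage` on `*`. For a rule this broad the level is worth keeping in the comment, e.g. `# Add olcAccess control to grant local root (gid 0/uid 0 via peercred) manage access`. The sed command starts in this hunk and continues past its last line, so the rest of the inserted ACL is not visible here.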



