[Pkg-openldap-devel] Bug#628825: Further
Ray Klassen
rklassen at communitascare.com
Thu Jun 16 20:24:36 UTC 2011
I now know where my problem is coming from.
On upgrade, without warning or comment, the dpkg script slapd.preinst
inserts the following access rules into the new cn=config configuration
database in the "dn: olcDatabase={-1}frontend,cn=config":
> olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
> olcAccess: {1}to dn.exact="" by * read
> olcAccess: {2}to dn.base="cn=Subschema" by * read
If it's a live system and you depend on the default OpenLDAP access
rules ( * by * read ), this is a sudden and (imho rude) change. Obviously
tightening security is admirable, but some warning would be appreciated.
So the problem is not the conversion to 'cn=config'; it's the Debian package.
--
Ray
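
The effect reported above can be checked on an LDIF export of the frontend entry before and after an upgrade. The following is an added example, not part of the original message or of the Debian package; the function names and the sample LDIF are constructed. It assumes the data database has no olcAccess of its own, and it only evaluates rules whose target is exactly `*`.

```python
import re

# Constructed sample: the frontend entry carrying the three rules quoted in the
# post (rule {0} is folded the way long LDIF lines are folded on export).
AFTER_UPGRADE = '''\
dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
'''
# Constructed sample: the same entry with no olcAccess values at all.
BEFORE_UPGRADE = "dn: olcDatabase={-1}frontend,cn=config\nolcDatabase: {-1}frontend\n"

READ_OR_BETTER = {"read", "write", "manage"}


def access_rules(ldif):
    """Return [(index, target, [tokens of each by-clause])] sorted by {n} index."""
    unfolded = re.sub(r"\n ", "", ldif)  # undo LDIF line folding
    rules = []
    for line in unfolded.splitlines():
        m = re.match(r"olcAccess: \{(\d+)\}to (.+)$", line)
        if m:
            target, *clauses = re.split(r"\s+by\s+", m.group(2))
            rules.append((int(m.group(1)), target.strip(), [c.split() for c in clauses]))
    return sorted(rules)


def anonymous_reads_any_entry(ldif):
    """True if an anonymous bind can still read an ordinary data entry."""
    rules = access_rules(ldif)
    if not rules:
        return True  # no rules anywhere: slapd's built-in "to * by * read" applies
    for _, target, clauses in rules:
        if target != "*":
            continue  # narrower target (root DSE, subschema), not an ordinary entry
        for who, *rest in clauses:
            if who not in ("*", "anonymous"):
                continue  # simplification: other <who> forms never match anonymous
            if "break" in rest:
                break  # "break" control: evaluation moves on to the next rule
            return bool(READ_OR_BETTER & set(rest))
        else:
            return False  # target matched, no <who> matched: implicit "by * none"
    return False  # rules exist but none granted access: implicit deny
```
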