[Bug 559070] [NEW] Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights

Thierry Carrez thierry.carrez at ubuntu.com
Fri Apr 9 10:19:38 BST 2010


Public bug reported:

Lucid upgrade results in editing the /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif configuration to change from:
olcAccess: {0}to * by * none

to:
olcAccess: {0}to * by * none
olcAccess: {1}to * by dn.exact=cn=localroot,cn=config manage by * break

As pointed out by Nathan Stratton Treadway on bug 538516 (which
introduced this incomplete fix), the {0} line will always be matched and
therefore the {1} line will never be evaluated.

Combining the two lines into:
olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * none
or even (since access is implicitly denied when no clause matches):
olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage
should solve it.

** Affects: openldap (Ubuntu)
     Importance: Medium
         Status: Triaged

** Affects: openldap (Ubuntu Lucid)
     Importance: Medium
         Status: Triaged

** Changed in: openldap (Ubuntu)
   Importance: Undecided => Medium

** Changed in: openldap (Ubuntu)
       Status: New => Triaged

** Also affects: openldap (Ubuntu Lucid)
   Importance: Medium
       Status: Triaged

-- 
Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights
https://bugs.launchpad.net/bugs/559070
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
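
The evaluation order described in the report above, as an added example that is not part of the original bug notification or of OpenLDAP's code: a simplified Python model of slapd's first-match ACL evaluation, run over the three olcAccess configurations quoted in the report. It assumes only "to *" targets, "*" and dn.exact subjects, and the stop/break controls; the function names are hypothetical.

```python
import re

# Simplified model of slapd ACL evaluation (assumption of this example): only
# "to *" targets, "*" / dn.exact=<dn> subjects, "stop" (default) and "break".
CONTROLS = {"stop", "break"}
LOCALROOT = "cn=localroot,cn=config"

# The three configurations quoted in the bug report.
UPGRADED = ["olcAccess: {0}to * by * none",
            "olcAccess: {1}to * by dn.exact=cn=localroot,cn=config manage by * break"]
COMBINED = ["olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * none"]
SHORT = ["olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage"]

def parse_rule(line):
    """Turn one olcAccess line into (index, what, [(who, access, control), ...])."""
    m = re.match(r"olcAccess:\s*\{(\d+)\}to\s+(\S+)\s+(.*)", line.strip())
    if not m or m.group(2) != "*":
        raise ValueError(f"outside this model: {line!r}")
    clauses = []
    for part in re.split(r"(?:^|\s)by\s+", m.group(3))[1:]:
        who, *tail = part.split()
        control = tail.pop() if tail and tail[-1] in CONTROLS else "stop"
        clauses.append((who.lower(), tail[0] if tail else None, control))
    return int(m.group(1)), m.group(2), clauses

def effective_access(lines, bind_dn):
    """Return (access, index of the rule that decided it) for bind_dn."""
    for index, _, clauses in sorted(map(parse_rule, lines)):
        for who, access, control in clauses:
            if who in ("*", "dn.exact=" + bind_dn.lower()):
                if control == "break":
                    break              # fall through to the next olcAccess rule
                return access, index   # first matching "by" clause stops evaluation
        else:
            return "none", index       # implicit trailing "by * none stop"
    return "none", None                # implicit final "to * by * none"

def unreachable(lines):
    """Indexes of rules that follow a 'to *' rule with no 'break' clause."""
    rules = sorted(map(parse_rule, lines))
    for pos, (_, _, clauses) in enumerate(rules):
        if all(control != "break" for _, _, control in clauses):
            return [index for index, _, _ in rules[pos + 1:]]
    return []

if __name__ == "__main__":
    for name, cfg in (("upgraded", UPGRADED), ("combined", COMBINED), ("short", SHORT)):
        print(name, effective_access(cfg, LOCALROOT), "unreachable:", unreachable(cfg))
```

For the upgraded configuration the model reports rule {1} as unreachable and localroot's access as none, decided by rule {0}; both combined forms give localroot manage and every other identity none.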