[Bug 571752] Re: slapd upgrades don't add frontend ACLs for base="" and cn=subschema

Nathan Stratton Treadway ubuntu.lp at nathanst.com
Thu Apr 29 18:19:33 BST 2010


Based on hints found in the documents mentioned in bug #506317 and other
places, I think the following three commands can be used to confirm that
the permissions are set up correctly to allow various LDAP-related
functionality to work:

Naming context discovery (e.g. "ldapvi --discover"):
  ldapsearch -x -H ldap://testhost/ -LLL  -b "" -s base namingContexts

Determining supported SASL mechanisms:
  ldapsearch -x -H ldap://testhost/  -LLL -b "" -s base supportedSASLMechanisms

Retrieving the server's schema:
  ldapsearch -x -Hldap://testhost/ -b 'cn=Subschema' -s base '(objectClass=subschema)' attributetypes

I just ran a test and confirmed that those three commands return data
when run against a stock Hardy slapd installation, but all three return
no records when run against that same server immediately after a Hardy
-> Lucid upgrade (when upgrading to slapd 2.4.21-0ubuntu5).

After manually adding the two lines
  olcAccess: {1}to dn.base="" by * read
  olcAccess: {2}to dn.base="cn=subschema" by * read
to the /etc/ldap/slapd.d/cn=config/olcDatabase\=\{-1\}frontend.ldif file
(just below the "olcAccess: {0}to * by dn.exact=gidNumber=0...." line) and restarting slapd, all three searches returned data again.

-- 
slapd upgrades don't add frontend ACLs for base="" and cn=subschema
https://bugs.launchpad.net/bugs/571752
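An offline complement to the three ldapsearch probes in the message above, added here as an example and not part of the original report or of the slapd packaging: it checks a cn=config frontend LDIF for the two read ACLs named in the message. The function names, the sample files and the shortened `{0}` rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a slapd cn=config frontend LDIF for the two read ACLs
# the report found missing after the Hardy -> Lucid upgrade.

# Join LDIF continuation lines (a leading single space continues the previous line).
unfold_ldif() {
    awk '/^ / && NR > 1 { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' "$1"
}

# has_read_acl FILE DN: true if some olcAccess value reads
# 'to dn.base="DN" by * read', with or without a {n} ordering prefix.
# DN matching is case-insensitive (cn=Subschema and cn=subschema are the same entry).
has_read_acl() {
    unfold_ldif "$1" |
        grep -Eiq "^olcAccess: (\{[0-9]+\})?to dn\.base=\"$2\" by \* read"
}

# check_frontend FILE: print each missing rule, return the number missing.
check_frontend() {
    missing=0
    for dn in "" "cn=subschema"; do
        if ! has_read_acl "$1" "$dn"; then
            echo "missing: olcAccess: to dn.base=\"$dn\" by * read"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample files; the {0} rule is a shortened placeholder.
sample_dir=$(mktemp -d)
cat > "$sample_dir/upgraded.ldif" <<'EOF'
dn: olcDatabase={-1}frontend
olcAccess: {0}to * by dn.exact=cn=placeholder manage by * break
EOF
cat > "$sample_dir/fixed.ldif" <<'EOF'
dn: olcDatabase={-1}frontend
olcAccess: {0}to * by dn.exact=cn=placeholder manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="cn=subs
 chema" by * read
EOF

check_frontend "$sample_dir/upgraded.ldif" || echo "upgraded.ldif: $? rule(s) missing"
check_frontend "$sample_dir/fixed.ldif" && echo "fixed.ldif: both rules present"
```

On a real server the file to pass is the frontend.ldif path given in the message; a clean result here only shows the rules are on disk, so the three searches are still the test of what slapd actually serves.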