I have opened Bug #571752 for the issue related to missing ACLs for the
frontend database after upgrading from earlier versions of slapd
(discussed in comments 3 & 12 here).
(Obviously, the discussion related to the issue mentioned in comment 11
here has moved to Bug #571057.)
--
olcAccess are
To follow up on my comment #2: I did some more testing and determined that the
behavior I was seeing related to the olcAccess lines in the
olcDatabase={0}config.ldif file was due to the "localroot"-related lines left
over from earlier versions of the slapd.posting script. Once I removed all
t
Moving the release notes item to bug 571057, where it belongs.
** Changed in: ubuntu-release-notes
Status: New => Invalid
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.net/bugs/563829
You received this bug notification because you are a member of U
On Tue, Apr 27, 2010 at 19:10:03 -, Mathias Gug wrote:
> A bug for each separate problem as it makes things simpler to
> track and to focus on.
I guess my question is whether you consider the issue raised in
comment 11 to be a separate problem from this bug (LP#563829),
thus requiring a newly-
On Tue, Apr 27, 2010 at 05:38:25PM -, Nathan Stratton Treadway wrote:
> When you say "bugs", would you like two separate new bugs, one for the
> slapd-won't-start-after-upgrading issue and the other about the
> dn.base="" permissions?
>
A bug for each separate problem as it makes things simple
When you say "bugs", would you like two separate new bugs, one for the
slapd-won't-start-after-upgrading issue and the other about the
dn.base="" permissions?
(Or do you just need a new bug related to the permissions issue?)
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https:/
Please open new bugs.
Nathan you're analysis in comment 11 is correct.
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.net/bugs/563829
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubun
We should definitely add a release notes, as this will affect every
OpenLDAP server users that upgraded to pre-release lucid.
** Also affects: ubuntu-release-notes
Importance: Undecided
Status: New
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.n
On a separate note, I did a test upgrade from a stock hardy install
directly to lucid/slapd 2.4.21-0ubuntu5. The package upgrade completed
successfully, but I can confirm that
$ ldapvi --discover -h ldap://testhost/
does not work until I manually add the
olcAccess: {1}to dn.base="" by * read
It seems like the new slapd.postinst in 2.4.21-0ubuntu5 will cause a
configuration error for upgrades from previous Lucid versions of the
package.
Specifically, up through 2.4.21-0ubuntu4, the postinst script added the
following line:
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by
On Tue, Apr 27, 2010 at 02:49:11AM -, zoolook wrote:
> THANK YOU for breaking my ldap install. THANK YOU!! THANK YOU!!
>
Could you please open a new bug outlining the configuration of your
infrastructure:
* SASL mechanism used
* local ACLs
* which queries were working before
* how you fix
On Tue, Apr 27, 2010 at 02:40:11 -, Mathias Gug wrote:
> The issue with deleting the old configuration is that it's hard (if not
> impossible) to figure out if the olcAuthzRegexp and relevant olcAccess options
> have been added by the package or manually by the local sysadmin.
>
> Having the o
THANK YOU for breaking my ldap install. THANK YOU!! THANK YOU!!
zool...@venkman:~$ dpkg -l | grep slap
ii slapd 2.4.21-0ubuntu5
OpenLDAP server (slapd)
before this (broken) version:
zool...@venkman:~$ ldapsearch uid=
On Mon, Apr 26, 2010 at 10:53:29AM -, Steve Langasek wrote:
>
> This patch doesn't appear to clean up any previously-added
> olcAuthzRegexp lines, or previously-added olcAccess lines referencing
> localroot, so the resulting config will be different for users upgrading
> to lucid final from an
This bug was fixed in the package openldap - 2.4.21-0ubuntu5
---
openldap (2.4.21-0ubuntu5) lucid; urgency=low
* Fix local root connection access: replace olcAuthzRegexp mapping to
cn=localroot,cn=config with using the SASL dn directly in olcAccess.
Makes upgrades much simpl
+ sed -i 's/^\(olcDatabase: {-1}frontend\)/\0\nolcAccess:
{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
manage by * break/' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ sed -i 's/^\(olcDatabase: {0}config\)/\0\
(Obviously, that should be LP: #427842 .)
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.net/bugs/563829
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
--
Ubuntu-server-bugs ma
Also, should the edits made to the the olcDatabase={-1}frontend.ldif file
include granting
to dn.base="" by * read'
permissions, too? It appears that that statement exists in (for example) the
Hardy version of slapd.conf, but the slapd.conf -> slapd.d conversion migrates
it to the olcDatabas
I took a quick look through the new slapd.postinst script found in:
lp:~mathiaz/ubuntu/lucid/openldap/fix-root-olcaccess-upgrade
Am I correct that you no longer attempt to delete the
olcAccess: {0}to * by * none
line from the olcDatabase={0}config.ldif file (i.e the line that is generated
au
I've reviewed that code and came up with a much simpler to handle root
access. That should make upgrade more robust the root olcAccess is just
stuck at the beginning of the olcAccess list. Existing olcAccess from
upgrades are still applied as the inserted line ends with "by *break".
I also got rea
** Branch linked: lp:~mathiaz/ubuntu/lucid/openldap/fix-root-olcaccess-
upgrade
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.net/bugs/563829
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap
** Changed in: openldap (Ubuntu Lucid)
Status: Triaged => In Progress
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.net/bugs/563829
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in
** Changed in: openldap (Ubuntu Lucid)
Assignee: (unassigned) => Mathias Gug (mathiaz)
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.launchpad.net/bugs/563829
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
** Changed in: openldap (Ubuntu)
Importance: Undecided => Medium
** Changed in: openldap (Ubuntu)
Status: New => Triaged
** Also affects: openldap (Ubuntu Lucid)
Importance: Medium
Status: Triaged
--
olcAccess are options broken on upgrade in {-1}frontend.ldif
https://bugs.l
24 matches
Mail list logo