touch-packages team mailing list archive

Thread
Date

[Bug 571752] Re: slapd upgrades don't add frontend ACLs for base="" and cn=subschema

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Ryan Tandy <571752@xxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Dec 2015 18:39:50 -0000
Reply-to: Bug 571752 <571752@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fixed in natty and later, looks like.

openldap (2.4.23-5) unstable; urgency=high
[...]
  * debian/slapd.scripts-common, debian/slapd.postinst: on upgrade from
    versions <= 2.4.23-4, explicitly grant access to cn=Subschema, which
    otherwise is blocked by our added olcAccess settings.  Closes: #596326.
  * Likewise, grant access to dn.exact="" so that base dn autodiscovery
    works as intended.  Closes: #596049.

** Changed in: openldap (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/571752

Title:
  slapd upgrades don't add frontend ACLs for base="" and cn=subschema

Status in openldap package in Ubuntu:
  Fix Released

Bug description:
  As a result of LP: #427842, the initial configuration created upon installation of slapd 2.4.21-0ubuntu4 and later will include the following ACLs on the {-1}frontend database:
    olcAccess: to dn.base="" by * read
    olcAccess: to dn.base="cn=subschema" by * read

  However, when upgrading from earlier versions of slapd, no attempt is
  made make sure these ACLs exist.

  In the case of a Hardy -> Lucid upgrade, this causes e.g. "ldapvi
  --discover" to stop working.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/571752/+subscriptions