olcAccess are options broken on upgrade in {-1}frontend.ldif
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Release Notes for Ubuntu |
Invalid
|
Undecided
|
Unassigned | ||
openldap (Ubuntu) |
Fix Released
|
Medium
|
Mathias Gug | ||
Lucid |
Fix Released
|
Medium
|
Mathias Gug |
Bug Description
Per Mathiaz:
| Reviewing the slapd.postinst code it seems that indexed olcAccess options are
| not correctly added to {-1}frontend.ldif as well. So only {0}config.ldif is
| fixed. The same logic/fixes should be applied to {-1}frontend.ldif as well.
|
| There is a similar indexing error with olcAuthzRegex in cn=config.ldif since
| there can be multiple olcAuthzRegex specified in a configuration (this should
| be tested though by inserting multiple olcAuthzRegex via ldap into cn=config
| and checking the results in ldif file).
As I understand, the changes needed are to change the modifcation done by slapd.postinst to 'olcDatabase=
tags: | added: hardy2lucid |
Changed in openldap (Ubuntu): | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in openldap (Ubuntu Lucid): | |
assignee: | nobody → Mathias Gug (mathiaz) |
I've reviewed that code and came up with a much simpler to handle root access. That should make upgrade more robust the root olcAccess is just stuck at the beginning of the olcAccess list. Existing olcAccess from upgrades are still applied as the inserted line ends with "by *break".
I also got ready of the cn=localroot, cn=config mapping which could be exist on systems. It makes the whole thing simpler and more robust.