Your message dated Thu, 26 Aug 2010 19:32:33 +0000 with message-id <e1ooibd-0001da...@franck.debian.org> and subject line Bug#593566: fixed in openldap 2.4.23-4 has caused the Debian Bug report #593566, regarding slapd - Root access to cn=config not working after upgrade to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 593566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593566 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: slapd Version: 2.4.23-3 Severity: grave I installed 2.4.23-2 and updated to -3 without a config change. Now I cannot access cn=config. | # ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" | SASL/EXTERNAL authentication started | SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth | SASL SSF: 0 | # extended LDIF | # | # LDAPv3 | # base <cn=config> with scope subtree | # filter: (objectclass=*) | # requesting: ALL | # | | # search result | search: 2 | result: 32 No such object | | # numResponses: 1 ACL debugging log: [startup] | slapd starting | => access_allowed: search access to "cn=config" "entry" requested | => acl_get: [1] attr entry | => acl_mask: access to entry "cn=config", attr "entry" requested | => acl_mask: to all values by "cn=localroot,cn=config", (=0) | <= check a_dn_pat: * | <= acl_mask: [1] applying none(=0) (stop) | <= acl_mask: [1] mask: none(=0) | => slap_access_allowed: search access denied by none(=0) | => access_allowed: no more rules | connection_read(12): no connection! | connection_read(12): no connection! | daemon: shutdown requested and initiated. | slapd shutdown: waiting for 0 operations/tasks to finish | slapd stopped. The access is done as cn=localroot,cn=config | # grep olcAuthz cn=config.ldif | olcAuthzPolicy: none | olcAuthzRegexp: gidNumber=[[:digit:]]+\+uidNumber=0,cn=peercred,cn=external,cn=auth cn=localroot,cn=config But the first access rule already rejects all access | # grep olcAcc cn=config/olcDatabase=\{0\}config.ldif | olcAccess: {0}to * by * none | olcAccess: {1}to * by dn.exact=cn=localroot,cn=config manage by * break Not sure why this stunt it done instead of using | gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth directly. If seen the later in Ubuntu. Bastian -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.35-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112 add and remove users and groups ii coreutils 8.5-1 GNU core utilities ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-1 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1 the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-3 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-14 shared Perl library ii libsasl2-2 2.1.23.dfsg1-5.1 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.8 OpenSLP libraries ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-pe 5.10.1-14 Larry Wall's Practical Extraction ii psmisc 22.12-1 utilities that use the proc file s ii unixodbc 2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-5.1 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: ii ldap-utils 2.4.23-3 OpenLDAP utilities -- Configuration Files: /etc/default/slapd changed: SLAPD_CONF="/etc/ldap/slapd.d" SLAPD_USER="openldap" SLAPD_GROUP="openldap" SLAPD_PIDFILE= SLAPD_SERVICES="ldapi:///" SLAPD_SENTINEL_FILE=/etc/ldap/noslapd SLAPD_OPTIONS="" -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: openldap Source-Version: 2.4.23-4 We believe that the bug you reported is fixed in the latest version of openldap, which is due to be installed in the Debian FTP archive: ldap-utils_2.4.23-4_amd64.deb to main/o/openldap/ldap-utils_2.4.23-4_amd64.deb libldap-2.4-2-dbg_2.4.23-4_amd64.deb to main/o/openldap/libldap-2.4-2-dbg_2.4.23-4_amd64.deb libldap-2.4-2_2.4.23-4_amd64.deb to main/o/openldap/libldap-2.4-2_2.4.23-4_amd64.deb libldap2-dev_2.4.23-4_amd64.deb to main/o/openldap/libldap2-dev_2.4.23-4_amd64.deb openldap_2.4.23-4.diff.gz to main/o/openldap/openldap_2.4.23-4.diff.gz openldap_2.4.23-4.dsc to main/o/openldap/openldap_2.4.23-4.dsc slapd-dbg_2.4.23-4_amd64.deb to main/o/openldap/slapd-dbg_2.4.23-4_amd64.deb slapd-smbk5pwd_2.4.23-4_amd64.deb to main/o/openldap/slapd-smbk5pwd_2.4.23-4_amd64.deb slapd_2.4.23-4_amd64.deb to main/o/openldap/slapd_2.4.23-4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 593...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthijs Mohlmann <matth...@cacholong.nl> (supplier of updated openldap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 26 Aug 2010 20:30:51 +0200 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source amd64 Version: 2.4.23-4 Distribution: unstable Urgency: low Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-de...@lists.alioth.debian.org> Changed-By: Matthijs Mohlmann <matth...@cacholong.nl> Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Closes: 593550 593566 593878 Changes: openldap (2.4.23-4) unstable; urgency=low . [ Steve Langasek ] * Bump the database upgrade version check to 2.4.23-4; should have been set to 2.4.23-1 when we switched to db4.8, but was missed so we need to clean up. Closes: #593550. . [ Matthijs Mohlmann ] * Fix root access to cn=config on upgrades from configuration style slapd.conf Thanks to Mathias Gug (Closes: #593566, #593878) Checksums-Sha1: 9a22756cf7646a61fc85ca7f405f29fe693924bc 1874 openldap_2.4.23-4.dsc 24b25db604f34152cb760b7a677b2f4239849c51 152188 openldap_2.4.23-4.diff.gz 1bae4674b4655a8cb88e195fb3632c5a4210f063 1584404 slapd_2.4.23-4_amd64.deb 94d05c648e25d5cd3b8c679516e3198f1c4401a2 56662 slapd-smbk5pwd_2.4.23-4_amd64.deb 9fb6620e911b33ec98918da6c1ceb00e40417f00 326898 ldap-utils_2.4.23-4_amd64.deb 092037284f12c776d592c8e5bca499683ac1b456 208590 libldap-2.4-2_2.4.23-4_amd64.deb 3bb62fdde3a2ac24e75dcae35bda7f881bd6f669 305696 libldap-2.4-2-dbg_2.4.23-4_amd64.deb cb33eeaf054428d7e2ecec2b3a22debccf840285 912080 libldap2-dev_2.4.23-4_amd64.deb 99e9f6e2d7ebc2aa88ba890c26859c334c4254b9 4028244 slapd-dbg_2.4.23-4_amd64.deb Checksums-Sha256: 963491e0a2691894d661e4e7196f101209ff99a44108884184e5dfc43b62d37e 1874 openldap_2.4.23-4.dsc f716c8cdb5fbf53af5c1582780399f89e4d46f8c351b8c98c016776eebfeecef 152188 openldap_2.4.23-4.diff.gz 118dc2405e3be72457497bbc745356a832d6aaa7a191d9fbf66e3d29fec2ebc7 1584404 slapd_2.4.23-4_amd64.deb 1f52246a08ca481c955256314af7250bc6dc363d703de80ff7f34fd25f65bffb 56662 slapd-smbk5pwd_2.4.23-4_amd64.deb 13a00b134897f4816ed47a69dd3cb1721489dc3fa1582f3f60eb71e19617bf74 326898 ldap-utils_2.4.23-4_amd64.deb 3ad37a48c1bfc7b684aeb6235c3d043008d215cdb4800c1af2121c32b1f4c644 208590 libldap-2.4-2_2.4.23-4_amd64.deb b2e39d049260b5297e234284556e45d5aa3a61e4b0d11ce86a958aa90b9e0712 305696 libldap-2.4-2-dbg_2.4.23-4_amd64.deb 5290ee66d781943bb9e7fc346a1890b4174f36d23202154ed27e3e90f5dc5e6a 912080 libldap2-dev_2.4.23-4_amd64.deb ab6cce65225a6e807aeae6e98053a3515dead28b0c8e3f002b82c04bd4e4406f 4028244 slapd-dbg_2.4.23-4_amd64.deb Files: c28b37e0486be8b85628a0fcbb77a62c 1874 net optional openldap_2.4.23-4.dsc 602a396b3d5fcdf35ea5a611ecf8051a 152188 net optional openldap_2.4.23-4.diff.gz 15b10f1cd0a28b0c7def6de52c848d18 1584404 net optional slapd_2.4.23-4_amd64.deb d986d76e9a127b93a69d338c96ff2fd6 56662 net extra slapd-smbk5pwd_2.4.23-4_amd64.deb 99479f34afa5ac220ba89988741c063d 326898 net optional ldap-utils_2.4.23-4_amd64.deb ef9caf3fdccad2c909c6e7c0ee3b16ea 208590 libs standard libldap-2.4-2_2.4.23-4_amd64.deb 7e43664ef2a3e5d3dcdd7d7dd2130627 305696 debug extra libldap-2.4-2-dbg_2.4.23-4_amd64.deb bf964b37e976d61bf8e41107dc49ccd1 912080 libdevel extra libldap2-dev_2.4.23-4_amd64.deb 5cd88a242c043b110091ca924ff57a24 4028244 debug extra slapd-dbg_2.4.23-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkx2vg4ACgkQ2n1ROIkXqbBKuwCfd/uy9JpsWb8n/HTSaoEJOU9/ ejIAnjKuqsXKazfZqRXUAvUSNczzUBof =ZUOR -----END PGP SIGNATURE-----
--- End Message ---
