OpenLDAP

Viewing Documentation/6364

From: quanah@openldap.org
Subject: refint needs to have rootdn set

Date: Thu, 05 Nov 2009 21:25:27 +0000
From: quanah@openldap.org
To: openldap-its@OpenLDAP.org
Subject: refint needs to have rootdn set
Full_Name: Quanah Gibson-Mount
Version: 2.4.19
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)


The refint overlay doesn't necessarily work correctly without a rootdn being set
on the database it is applying to.  This requirement should be documented in the
man page.

See:

http://www.openldap.org/lists/openldap-software/200911/msg00039.html

for more info

Followup 1

Date: Fri, 06 Nov 2009 12:35:01 +0100
From: Michael Ströder <michael@stroeder.com>
To: quanah@openldap.org
CC: openldap-its@openldap.org
Subject: Re: (ITS#6364) refint needs to have rootdn set
quanah@OpenLDAP.org wrote:
> The refint overlay doesn't necessarily work correctly without a rootdn being set
> on the database it is applying to.  This requirement should be documented in the
> man page.

I'd argue that slapd should not even start if such a strong requirement of an
overlay is not met by configuration.

Ciao, Michael.



Followup 2

Date: Fri, 22 Jan 2010 19:37:04 +0100
From: Peter Mogensen <apm@mutex.dk>
To: openldap-its@openldap.org
CC: quanah@openldap.org
Subject: Re: (ITS#6364) refint needs to have rootdn set
This may be related.

I've verified that my refint overlay is not working.
However I have a rootdn defined for the database, but it is set to 
cn=config.
Could it be that the rootdn has to be in the scope of the database for 
refint to work?

slapd 2.4.20, back-hdb, BerkeleyDB 4.8.24

/Peter



Followup 3

From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 1 Dec 2010 12:34:38 +0100
To: Peter Mogensen <apm@mutex.dk>,
        Michael Ströder <michael@stroeder.com>
Cc: openldap-its@openldap.org
Subject: Re: (ITS#6364) refint needs to have rootdn set
Quanah Gibson-Mount wrote:
> The refint overlay doesn't necessarily work correctly without a rootdn
> being set on the database it is applying to.  This requirement should
> be documented in the man page.

Fixed in the manpage, but not in the admin guide.


Michael Ströder wrote:
> I'd argue that slapd should not even start if such a strong
> requirement of an overlay is not met by configuration.

Leaving that for Howard, but I don't think we can do that now.
cn=config should then also refuse to delete rootdn, otherwise we'd have
the worse behavior that slapd won't start after a cn=config update.


Peter Mogensen wrote:
> I've verified that my refint overlay is not working.
> However I have a rootdn defined for the database, but it is set to
> cn=config.
> Could it be that the rootdn has to be in the scope of the database for
> refint to work?

I don't think so.  Hopefully it was ITS#6663 or ITS#6730, now fixed.

--
Hallvard
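
Added example, not part of the ITS thread and not OpenLDAP's own code: a pre-deployment check for the requirement discussed above, listing every database section of a slapd.conf-style file that loads the refint overlay without setting a rootdn. The sample configuration is constructed, the function names are hypothetical, and cn=config (slapd.d) setups are not covered.

```python
import shlex

# Constructed sample slapd.conf (not from the thread): the first database
# loads refint without a rootdn, the second sets one.
SAMPLE = '''\
# global section comment
database hdb
suffix "dc=example,dc=com"
overlay refint
refint_attributes member
  uniqueMember

database hdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
overlay refint
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace), then drop comment lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [line for line in lines if not line.startswith("#")]

def refint_without_rootdn(conf_text):
    """Return the suffix (or ordinal) of each database using refint with no rootdn."""
    dbs = []
    for line in logical_lines(conf_text):
        args = shlex.split(line)
        key, val = args[0].lower(), (args[1] if len(args) > 1 else "")
        if key == "database":
            dbs.append({"suffix": None, "rootdn": None, "refint": False})
        elif not dbs:
            continue  # directive in the global section, before any database
        elif key == "suffix" and dbs[-1]["suffix"] is None:
            dbs[-1]["suffix"] = val
        elif key == "rootdn":
            dbs[-1]["rootdn"] = val
        elif key == "overlay" and val.lower() == "refint":
            dbs[-1]["refint"] = True
    return [db["suffix"] or f"database #{n}" for n, db in enumerate(dbs, 1)
            if db["refint"] and not db["rootdn"]]
```

Calling refint_without_rootdn(SAMPLE) reports only the dc=example,dc=com database; a rootdn outside the database suffix, as in the cn=config case raised in Followup 2, counts as set.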

