OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/6035
Full headers

From: dgbaley27@verizon.net
Subject: slapd requires restart after modifying olcAuthzRegexp
Compose comment
Download message
State:
0 replies:
3 followups: 1 2 3

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 26 Mar 2009 03:33:37 +0000
From: dgbaley27@verizon.net
To: openldap-its@OpenLDAP.org
Subject: slapd requires restart after modifying olcAuthzRegexp
Full_Name: Matthew Monaco
Version: 2.4.11
OS: GNU/Linux 2.6.27-7 (Ubuntu 8.10 Server JeOS)
URL: 
Submission from: (NULL) (96.242.209.249)


After modifying existing olcAuthzRegexp and/or adding/removing additional
olcAuthzRegexp from cn=config, I needed to restart slapd for the changes to take
effect.

I'm not sure if it matters but I was using ldapvi to do the modification.

I can however, confirm that the changes immediately appeared in various other
ldap browsers (such as Apache Directory Studio).

Followup 1

Download message
Date: Thu, 26 Mar 2009 09:13:13 -0700
From: hyc@symas.com
To: dgbaley27@verizon.net
Cc: openldap-its@openldap.org
Subject: Re: (ITS#6035) slapd requires restart after modifying
	olcAuthzRegexp
This is a known limitation in authz regexp support. There are no plans
to change this any time soon.

On Thu, Mar 26, 2009 at 03:33:37AM +0000, dgbaley27@verizon.net wrote:
> Full_Name: Matthew Monaco
> Version: 2.4.11
> OS: GNU/Linux 2.6.27-7 (Ubuntu 8.10 Server JeOS)
> URL: 
> Submission from: (NULL) (96.242.209.249)
> 
> 
> After modifying existing olcAuthzRegexp and/or adding/removing additional
> olcAuthzRegexp from cn=config, I needed to restart slapd for the changes to
take
> effect.
> 
> I'm not sure if it matters but I was using ldapvi to do the modification.
> 
> I can however, confirm that the changes immediately appeared in various
other
> ldap browsers (such as Apache Directory Studio).



Followup 2

Download message
Date: Thu, 26 Mar 2009 13:20:45 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: hyc@symas.com, openldap-its@openldap.org
Subject: Re: (ITS#6035) slapd requires restart after modifying
 olcAuthzRegexp
--On Thursday, March 26, 2009 4:14 PM +0000 hyc@symas.com wrote:

> This is a known limitation in authz regexp support. There are no plans
> to change this any time soon.

Where's this limitation documented?  What other parameters in the config 
backend have the same flaw?  We've certainly fixed this for a number of 
other things.

I don't even see authz-regexp/olcAuthzRegexp mentioned in chapters 5 or 6 
in the admin guide, and the man pages don't note this limitation.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 3

Download message
Date: Thu, 26 Mar 2009 21:27:32 +0100
From: Pierangelo Masarati <ando@sys-net.it>
To: quanah@zimbra.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#6035) slapd requires restart after modifying olcAuthzRegexp
quanah@zimbra.com wrote:
> --On Thursday, March 26, 2009 4:14 PM +0000 hyc@symas.com wrote:
> 
>> This is a known limitation in authz regexp support. There are no plans
>> to change this any time soon.
> 
> Where's this limitation documented?  What other parameters in the config 
> backend have the same flaw?  We've certainly fixed this for a number of 
> other things.

Indeed, it has been finally, although rather inelegantly, fixed in 
slapo-rwm(5), AFAIR.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org