OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/7066
Full headers

From: rhafer@suse.de
Subject: ACL added to back-config only active after restart
 Compose comment
Download message
State:
0 replies:
0 followups:

Major security issue: yes  no

Notes:

Notification: 


Date: Tue, 18 Oct 2011 12:45:25 +0000
From: rhafer@suse.de
To: openldap-its@OpenLDAP.org
Subject: ACL added to back-config only active after restart

Full_Name: Ralf Haferkamp
Version: RE24, master
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.171.158)


The first ACL added to "olcDatabase={0}config,cn=config" does only get active
after slapd is restarted. This is because slapd upon startup creates a hardcoded
deny-everything ACL when no ACL is defined explicitly for the database. ACLs
added after slapd is started will be appended to that hardcoded ACL (but never
evaluated as the hardcoded one already matches everything).

I am working on a fix, reworking the way how the hardcoded default ACL for
olcDatabase={0}config,cn=config is applied.
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org