[Date Prev][Date Next]
(ITS#4256) HEADS-UP: chain overlay authz configuration
Full_Name: Pierangelo Masarati
Submission from: (NULL) (188.8.131.52)
Submitted by: ando
Recently in re23 (I think between 2.3.12 and 2.3.13) a bug was fixed in
slapd-ldap/slapo-chain, but it went unnoticed. This bug allowed the
configuration of slapo-chain(5) using the chain-acl-bind directive to provide
the identity assertion feature in a way that behaved similarly to the
chain-idassert-bind directive. This error was reflected in the tests that used
the slapo-chain(5) overlay.
The fix has already been released, so this ITS is being filed only to track the
The __INCORRECT__ configuration of slapo-chain (for example) was:
The __CORRECT__ configuration is:
Note that now an identity assertion directive can only be used __after__ a
"chain-uri" specification; unspecified URIs can only be chained anonymously.