[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6035) slapd requires restart after modifying olcAuthzRegexp

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6035) slapd requires restart after modifying olcAuthzRegexp
From: ryan@nardis.ca
Date: Wed, 17 Sep 2014 04:35:16 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Hi,

Following up from 
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761407#23>:

This limitation seems to still exist (tried RE24 and master).

Until it can be fixed, please document it clearly in slapd-config.5 (and maybe 
the admin guide too), as well as any related attrs if they also require a 
restart (olcAuthzPolicy?). It's surprising behaviour, since almost every other 
attribute does support online configuration. Proposed patch follows.

thanks,
Ryan

diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
index c5bf06f..7c39369 100644
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -409,6 +409,10 @@ values can be specified to allow for multiple matching
 and replacement patterns. The matching patterns are checked in the order they 
 appear in the attribute, stopping at the first successful match.
 
+Note that changes to 
+.B olcAuthzRegexp 
+take effect the next time the server is started, not immediately upon 
+changing the configuration.
 .\".B Caution:
 .\"Because the plus sign + is a character recognized by the regular expression engine,
 .\"and it will appear in names that include a REALM, be careful to escape the

Prev by Date: Re: (ITS#7940) Glue entry creation creates entries that cannot be found via ldapsearch filters
Next by Date: (ITS#7941) crash in slap_bv2ad using repeated tags
Index(es):
- Chronological
- Thread