https://bugs.openldap.org/show_bug.cgi?id=9253
Bug ID: 9253
Summary: Access not retained when last examined olcAccess has a "break" control
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs(a)openldap.org
Reporter: kop(a)karlpinc.com
Target Milestone: ---

When the last examined olcAccess control is "break" then it does not
matter what access rights have been granted by the rules, access is
denied.

Reproduce by having a database with a single access rule:

    to attrs=userPassword by anonymous =x

Note that ldapwhoami successfully does a simple bind.

Then, modify so that the single existing access rule is:

    to attrs=userPassword by anonymous =x break

Users can no longer do a simple bind.

You will see similar behavior with SASL binds, or any number
of access rules. Access is denied when the last examined access
control is "break".

The problem is at line 309 of: servers/slapd/acl.c
(In master/HEAD, and probably all versions)

--
You are receiving this mail because:
You are on the CC list for the bug.
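
Added example (not part of the bug report or of OpenLDAP's source): a simplified Python model of stop/continue/break evaluation, following the implicit "by * none stop" and "access to * by * none" endings described in slapd.access(5), applied to the two rules from bug 9253. The class and function names and the implicit_deny switch are assumptions made for illustration; with the switch off, the model returns the retained access the reporter expected.

```python
# Simplified model of slapd ACL evaluation (constructed; not code from acl.c).
from dataclasses import dataclass, field

@dataclass
class By:
    who: str               # "anonymous" or "*" (only these are modelled)
    op: str                # "=" replaces the mask, "+" adds, "-" removes
    privs: str             # privilege letters such as "x"; "" means none
    control: str = "stop"  # "stop" | "continue" | "break"

@dataclass
class Rule:
    attr: str              # attribute the rule targets, "*" for any
    by: list = field(default_factory=list)

# Implicit endings described in slapd.access(5).
IMPLICIT_BY = By("*", "=", "")        # by * none stop
IMPLICIT_RULE = Rule("*")             # access to * by * none

def evaluate(rules, attr, requester, implicit_deny=True):
    """Return the set of privilege letters granted on attr to requester."""
    mask = set()
    for rule in rules + ([IMPLICIT_RULE] if implicit_deny else []):
        if rule.attr not in ("*", attr):
            continue
        for by in rule.by + ([IMPLICIT_BY] if implicit_deny else []):
            if by.who not in ("*", requester):
                continue
            if by.op == "=":
                mask = set(by.privs)
            elif by.op == "+":
                mask |= set(by.privs)
            else:
                mask -= set(by.privs)
            if by.control == "stop":
                return mask          # evaluation ends, mask is final
            if by.control == "break":
                break                # move on to the next matching rule
            # "continue": keep scanning this rule's remaining by clauses
    return mask                      # reached only when implicit_deny=False

def can_bind(mask):
    return "x" in mask               # auth (x) is what a simple bind needs

# The two rules from the report, as constructed sample input.
WITHOUT_BREAK = [Rule("userPassword", [By("anonymous", "=", "x")])]
WITH_BREAK = [Rule("userPassword", [By("anonymous", "=", "x", "break")])]
```

In this model the trailing "break" hands evaluation to the implicit final rule, which replaces the accumulated mask with none; that is the denial the report describes.
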
https://bugs.openldap.org/show_bug.cgi?id=9252
Bug ID: 9252
Summary: OpenLDAP ldif file import issue
Product: OpenLDAP
Version: 2.4.44
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: build
Assignee: bugs(a)openldap.org
Reporter: pranjit_biswas(a)infosys.com
Target Milestone: ---

We are trying to install openldap.x86_64 - 2.4.44-21.el7_6 on a Linux RHEL
7.7 on AWS.

We have installed and made changes to the config files and did a slaptest of
the config file as shown below.

    [root@efg-ac cn=config]# slaptest -u
    5ea6064f ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
    5ea6064f ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
    config file testing succeeded

Now we are importing the ldif file from our current on-prem server.
Even though we were getting different errors earlier, after all the changes we
have made to the config, the error that we are getting now is ldap_bind error
for the credentials.

    [root@efg-dev cn=config]# ldapadd -w xxxxxxxx -x -D "cn=Manager,dc=bpost,dc=be" -f ldap_dump-27042020-DEV.ldif
    ldap_bind: Invalid credentials (49)

We are not sure which password to give here.
We have given the same credentials in the config file: olcDatabase={2}hdb.ldif

    olcRootDN: cn=Manager,dc=bpost,dc=be
    olcRootPW: xxxxxxxx

Please assist