https://bugs.openldap.org/show_bug.cgi?id=9944
Issue ID: 9944
Summary: Reverting an olcDbACLBind statement breaks proxied write operations
Product: OpenLDAP
Version: 2.6.3
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: quanah@openldap.org
Target Milestone: ---

On a system with olcDbIDAssertBind configured, and proxied authorizations working correctly, an olcDbACLBind statement was added to the configuration for lastbind support. However, an incorrect identity was in place for the authzid in the ACL bind statement, which caused proxy authorization to fail. The change was backed out (there was never any change to the olcDbIDAssertBind config fragment), and after that all write operations failed instead of being proxied, with err=80. Restarting slapd fixed the issue, which indicates an underlying problem in the cn=config db in reverting to the original working state.
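
A log check for the symptom described in the report above, as an added example that is not part of the original report or of the OpenLDAP project's code. It reads slapd stats-level RESULT lines and reports when every write result carries err=80 while other operations still succeed; the sample log lines are constructed, and the function name and the "all writes failed" rule are assumptions.

```python
import re
from collections import Counter

# LDAP response tags printed on slapd RESULT lines, limited to write operations.
WRITE_TAGS = {103: "MOD", 105: "ADD", 107: "DEL", 109: "MODRDN"}
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=(\d+) err=(\d+)")

# Constructed sample: bind and search succeed, every write returns err=80.
SAMPLE_LOG = """\
slapd[1234]: conn=1001 op=0 BIND dn="uid=app,ou=svc,dc=example,dc=com" method=128
slapd[1234]: conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000009 etime=0.000150 text=
slapd[1234]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000008 etime=0.000210 nentries=1 text=
slapd[1234]: conn=1001 op=2 MOD dn="uid=jdoe,ou=people,dc=example,dc=com"
slapd[1234]: conn=1001 op=2 RESULT tag=103 err=80 qtime=0.000010 etime=0.000321 text=
slapd[1234]: conn=1002 op=1 ADD dn="uid=new,ou=people,dc=example,dc=com"
slapd[1234]: conn=1002 op=1 RESULT tag=105 err=80 qtime=0.000011 etime=0.000298 text=
slapd[1234]: conn=1003 op=1 DEL dn="uid=old,ou=people,dc=example,dc=com"
slapd[1234]: conn=1003 op=1 RESULT tag=107 err=80 qtime=0.000010 etime=0.000305 text=
"""


def proxied_write_failures(log_text, err_code=80):
    """Return (failed_by_op, total_writes, stuck).

    stuck is True when at least one write was seen, every write returned
    err_code, and at least one non-write operation returned err=0.
    """
    writes, failed, others_ok = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a RESULT line (BIND/MOD/ADD request lines, etc.)
        tag, err = int(m.group(3)), int(m.group(4))
        if tag in WRITE_TAGS:
            writes[WRITE_TAGS[tag]] += 1
            if err == err_code:
                failed[WRITE_TAGS[tag]] += 1
        elif err == 0:
            others_ok += 1
    total, bad = sum(writes.values()), sum(failed.values())
    stuck = total > 0 and bad == total and others_ok > 0
    return dict(failed), total, stuck


if __name__ == "__main__":
    failed, total, stuck = proxied_write_failures(SAMPLE_LOG)
    print(f"writes={total} failed={failed} all_writes_failing={stuck}")
```
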

--- Comment #1 from Howard Chu hyc@openldap.org ---
Will need a test config to repro.

--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to Howard Chu from comment #1)
> Will need a test config to repro

I'll look at adding this to the ITS9863 regression test which already has the configuration, just needs the ACL bind deletion step added.
Quanah Gibson-Mount quanah@openldap.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
   Target Milestone|---                         |2.6.5

Quanah Gibson-Mount quanah@openldap.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|2.6.5                       |2.6.6

Quanah Gibson-Mount quanah@openldap.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|2.6.6                       |2.6.7

--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
Well, I don't recall the exact change now and I don't have access to the commit history/old config. My attempt at the change succeeded w/o issue, but not knowing the details I don't know if it was the same change as before.

Quanah Gibson-Mount quanah@openldap.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|2.6.7                       |---
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |SUSPENDED

Quanah Gibson-Mount quanah@openldap.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED