Insufficient access in dyndb DEP8 test
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
bind-dyndb-ldap (Ubuntu) | Fix Released | Undecided | Andreas Hasenack |
bind9 (Ubuntu) | Fix Released | Undecided | Andreas Hasenack |
Bug Description
Caught this in a run of the dyndb-ldap DEP8 test:
280s 2023-09-
280s 2023-09-
280s 2023-09-
280s 2023-09-
Looks like sometimes the dyndb-ldap plugin wants to write to the tree, and not just read from it. Looking at the code, that can happen for some SOA attributes, and perhaps other cases too. The documentation isn't immediately clear.
A re-run of this test cleared the error, but we all dislike flaky tests, so it's probably best to adjust the ACL and allow the bind9 user to write to the DNS tree. Production deployments will definitely want to fine-tune this ACL and list explicit attributes and entry types that can be modified, but for a DEP8 test, this is enough.
```diff
--- a/debian/
+++ b/debian/
@@ -135,7 +135,7 @@ EOF
dn: olcDatabase=
changetype: modify
add: olcAccess
-olcAccess: {1}to dn.subtree=
+olcAccess: {1}to dn.subtree=
EOF
}
```
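Review bot: the replaced `olcAccess: {1}to dn.subtree=` rule inside the `EOF` heredoc carries no comment saying the wider grant is for the test only. The description already notes that production deployments should list explicit attributes and entry types, so a short comment in the test script next to this rule, stating that write access over the whole DNS subtree is a test convenience and that the plugin may update some SOA attributes, would keep the rule from being copied unchanged into a real slapd configuration.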
Related branches
- git-ubuntu bot: Approve
- Lucas Kanashiro (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 33 lines (+9/-1), 2 files modified: debian/changelog (+6/-0), debian/tests/dyndb-ldap (+3/-1)

- git-ubuntu bot: Approve
- Lucas Kanashiro (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 66 lines (+15/-3), 3 files modified: debian/changelog (+8/-0), debian/control (+2/-1), debian/tests/dyndb-ldap (+5/-2)
Changed in bind9 (Ubuntu):
status: New → In Progress
assignee: nobody → Andreas Hasenack (ahasenack)
This bug was fixed in the package bind-dyndb-ldap - 11.10-6ubuntu1
---------------
bind-dyndb-ldap (11.10-6ubuntu1) mantic; urgency=medium
* d/t/dyndb-ldap fixes:
- use correct attribute in the bind9 dn entry (LP: #2034251)
- allow writing to the dns tree (LP: #2034250)
-- Andreas Hasenack <email address hidden> Tue, 05 Sep 2023 10:05:46 -0300