objectclass filter bug in rwm overlay module of slapd 2.4.9

Bug #283239 reported by Konrad Mauz
Affects: openldap (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: slapd

Description: Ubuntu 8.04.1
Release: 8.04

slapd 2.4.9-0ubuntu0.8.04.1

When using rwm to create a subset of attributes the objectclass attribute is filtered. Things like libnss-ldap and pam-ldap get broken ( since they use a search filter with (&(objectclass=posixAccount)) ). The bug is known and fixed ( in 2.4.12 ) upstream. The OpenLDAP ITS Number is 5647 ( http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5647;page=3 )
Is it possible to patch the bug?

If you need more information please contact me.

Regards,
Konrad

Mathias Gug (mathiaz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Could you provide specific steps to recreate this bug?

This will help us to find and resolve the problem.

Changed in openldap:
status: New → Incomplete
Konrad Mauz (kmauz) wrote : Re: [Bug 283239] Re: objectclass filter bug in rwm overlay module of slapd 2.4.9

On Mon, Oct 27, 2008 at 11:56:42AM -0000, Mathias Gug wrote:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better.
>
> Could you provide specific steps to recreate this bug?
>
> This will help us to find and resolve the problem.
>
> ** Changed in: openldap (Ubuntu)
> Status: New => Incomplete

1.) Configure libnss-ldap on a Linux Client to use LDAP as NSS Source
for group, passwd and shadow

2.) On the server try this config:

    -- start --
    database ldap
    suffix "dc=example,dc=org"
    uri "ldap://realldapserver.example.org"
    overlay rwm
    rwm-rewriteEngine on
    rwm-normalize-mapped-attrs yes

    rwm-map attribute cn *
    rwm-map attribute uid *
    rwm-map attribute uidnumber *
    rwm-map attribute loginshell *
    rwm-map attribute gidnumber *
    rwm-map attribute userpassword *
    rwm-map attribute gecos *
    rwm-map attribute shadowlastchange *
    rwm-map attribute shadowexpire *
    rwm-map attribute homedirectory *
    rwm-map attribute shadowMin *
    rwm-map attribute shadowMax *
    rwm-map attribute shadowWarning *
    rwm-map attribute shadowInactive *
    rwm-map attribute shadowFlag *
    rwm-map attribute memberUid *
    rwm-map attribute uniqueMember *
    rwm-map attribute description *
    rwm-map attribute sn *
    rwm-map attribute givenname *
    rwm-map attribute mail *
    rwm-map attribute *
    -- end --

    all other attributes are hidden ( objectclass attribute inclusive
    ;-(( ).

    The nss ldap client is now unable to find a user since the ldap
    filter (&(uid=xyz)(objectclass=posixaccount)) always returns null
    entries.

    If you comment out the last line ( rwm-map attribute * ) then
    everything works OK, but all attributes are delivered to the
    client! We have more attributes on the "realldapserver" but we only
    want to provide the attributes needed for nss.

I have compiled the version 2.4.12 from source and the bug is gone. So I
think it would be nice to backport the patch which is in 2.4.12 to 2.4.9
( Ubuntu Version ) or to update the openldap package to 2.4.12.

Regards,

Konrad

--
Konrad Mauz
Rechenzentrum
Hochschule Technik, Wirtschaft und Gestaltung
Braunegger-Strasse 55, D 78462 Konstanz
e-mail: <email address hidden>
Tel.: +49 7531 206-472
Fax.: +49 7531 206-153
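
Added example (not part of the original thread, and not OpenLDAP code): a small Python check that reads `rwm-map attribute` lines like those in the report and lists the attributes used in a client search filter that the allow-list does not expose. The function names and the shortened sample config are constructed for illustration; the parsing assumes the slapo-rwm(5) rule that an `rwm-map attribute *` line with no local name removes every unmapped attribute.

```python
import re

# Constructed sample: a shortened version of the rwm block quoted in the report.
SAMPLE_CONF = """\
database ldap
suffix "dc=example,dc=org"
overlay rwm
rwm-map attribute cn *
rwm-map attribute uid *
rwm-map attribute uidnumber *
rwm-map attribute gidnumber *
rwm-map attribute homedirectory *
rwm-map attribute *
"""

def parse_rwm_attr_maps(conf):
    """Return (explicitly mapped local attribute names, drop_unmapped flag)."""
    exposed, drop_unmapped = set(), False
    for raw in conf.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0].lower() != "rwm-map" or tok[1].lower() != "attribute":
            continue  # comments and unrelated directives
        if len(tok) == 3:
            # Local name omitted: the foreign name is removed. With "*" every
            # attribute that has no explicit mapping is removed.
            drop_unmapped = drop_unmapped or tok[2] == "*"
        elif tok[2] != "*":
            exposed.add(tok[2].lower())  # attribute names are case-insensitive
    return exposed, drop_unmapped

def filter_attrs(ldap_filter):
    """Attribute names used in the assertions of an LDAP filter string."""
    found = re.findall(r"\(\s*([A-Za-z][\w;.-]*)\s*(?:[~<>]?=|:)", ldap_filter)
    return {name.lower() for name in found}

def hidden_filter_attrs(conf, ldap_filter):
    """Filter attributes that the rwm allow-list in conf does not expose."""
    exposed, drop_unmapped = parse_rwm_attr_maps(conf)
    if not drop_unmapped:
        return set()  # no catch-all removal line, nothing is hidden
    return filter_attrs(ldap_filter) - exposed

if __name__ == "__main__":
    nss_filter = "(&(uid=xyz)(objectclass=posixAccount))"  # filter from the report
    print(sorted(hidden_filter_attrs(SAMPLE_CONF, nss_filter)))
```

For the configuration and filter in the report the result is non-empty, which matches the condition under which the reporter saw the search return no entries on 2.4.9.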

Mathias Gug (mathiaz) wrote :

Thanks for providing a testcase. The next step is to isolate the patch in upstream repository so that we can see if it fits the criteria for a Stable Release Update.

Changed in openldap:
status: Incomplete → Confirmed
Konrad Mauz (kmauz) wrote :

On Wed, Oct 29, 2008 at 12:03:23PM -0000, Mathias Gug wrote:
> Thanks for providing a testcase. The next step is to isolate the patch
> in upstream repository so that we can see if it fits the criteria for a
> Stable Release Update.
>
> ** Changed in: openldap (Ubuntu)
> Status: Incomplete => Confirmed
>

Ok... the bug is confirmed. And now? Will there be ( when? ) a fix or not?
I don't know the criteria for such updates, but I think it has to be
fixed, since it is an LTS Ubuntu release - and Ubuntu does not want 5 years
with a bug in the openldap package!?! If I can help ( testing ) let me
know.

Regards,

Konrad

--
Konrad Mauz
Rechenzentrum
Hochschule Technik, Wirtschaft und Gestaltung
Braunegger-Strasse 55, D 78462 Konstanz
e-mail: <email address hidden>
Tel.: +49 7531 206-472
Fax.: +49 7531 206-153

Mathias Gug (mathiaz) wrote : Re: [Bug 283239] Re: objectclass filter bug in rwm overlay module of slapd 2.4.9

On Mon, Nov 24, 2008 at 10:07:44AM -0000, Konrad Mauz wrote:
> Ok... the bug is confirmed. And now? Will there be ( when? ) a fix or not?

The next step is to find the patch that addresses this specific bug in
upstream CVS.

> I don't know the criteria for such updates, but I think it has to be
> fixed, since it is an LTS Ubuntu release - and Ubuntu does not want 5 years
> with a bug in the openldap package!?! If I can help ( testing ) let me
> know.
>

The criteria for Stable Release Updates can be found here:
https://wiki.ubuntu.com/StableReleaseUpdates

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Konrad Mauz (kmauz) wrote :

On Thu, Nov 27, 2008 at 11:17:20PM -0000, Mathias Gug wrote:
> On Mon, Nov 24, 2008 at 10:07:44AM -0000, Konrad Mauz wrote:
> > Ok... the bug is confirmed. And now? Will there be ( when? ) a fix or not?
>
> The next step is to find the patch that addresses this specific bug in
> upstream CVS.
>
> > I don't know the criteria for such updates, but I think it has to be
> > fixed, since it is an LTS Ubuntu release - and Ubuntu does not want 5 years
> > with a bug in the openldap package!?! If I can help ( testing ) let me
> > know.
> >
>
> The criteria for Stable Release Updates can be found here:
> https://wiki.ubuntu.com/StableReleaseUpdates
>

Hello Mathias,

the patch in CVS can be found in:

http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/overlays/rwmconf.c?hideattic=1&sortbydate=0
( search for ITS#5647 ).

I read through the Stable Release Updates... seems like I have to build
openldap from source ;-(.

Regards,

Konrad

--
Konrad Mauz
Rechenzentrum
Hochschule Technik, Wirtschaft und Gestaltung
Braunegger-Strasse 55, D 78462 Konstanz
e-mail: <email address hidden>
Tel.: +49 7531 206-472
Fax.: +49 7531 206-153

Mathias Gug (mathiaz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. However, I am closing it because the bug has been fixed in the latest development version of Ubuntu - the Jaunty Jackalope. It won't be fixed in previous versions of Ubuntu because the package doesn't fit the requirements for backporting. See https://help.ubuntu.com/community/UbuntuBackports for more information.

Changed in openldap:
status: Confirmed → Fix Released