Ubuntu Server Guide

Default ACLs created by the package have changed, guide needs updating

Bug #1689809 reported by Andreas Hasenack
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Server Guide
Fix Released
Undecided
Andreas Hasenack

Bug Description

The ACL section at https://help.ubuntu.com/16.04/serverguide/openldap-server.html#openldap-server-acl needs updating because the default ACLs installed by the slapd package have changed.

For example, instead of (from the guide):
sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}hdb)' olcAccess

dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous
              auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by *
  read

We now have (the s/hdb/mdb/ change is covered in bug #1689649):
$ sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={1}mdb)' olcAccess
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read

Related branches

lp:~ahasenack/serverguide/default-acls-1689809
Doug Smythies: Approve
Diff: 157 lines (+27/-30)
1 file modified
serverguide/C/network-auth.xml (+27/-30)
lp:serverguide/trunk
Andreas Hasenack (ahasenack)
Changed in serverguide:
status: New → In Progress
assignee: nobody → Andreas Hasenack (ahasenack)
Doug Smythies (dsmythies)
Changed in serverguide:
status: In Progress → Fix Committed
Doug Smythies (dsmythies)
Changed in serverguide:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.