Comment 2 for bug 283239

Konrad Mauz (kmauz) wrote : Re: [Bug 283239] Re: objectclass filter bug in rwm overlay module of slapd 2.4.9

On Mon, Oct 27, 2008 at 11:56:42AM -0000, Mathias Gug wrote:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better.
>
> Could you provide specific steps to recreate this bug?
>
> This will help us to find and resolve the problem.
>
> ** Changed in: openldap (Ubuntu)
> Status: New => Incomplete

1.) Configure libnss-ldap on a Linux Client to use LDAP as NSS Source
for group, passwd and shadow

2.) On the server try this config:

    -- start --
    database ldap
    suffix "dc=example,dc=org"
    uri "ldap://realldapserver.example.org"
    overlay rwm
    rwm-rewriteEngine on
    rwm-normalize-mapped-attrs yes

    rwm-map attribute cn *
    rwm-map attribute uid *
    rwm-map attribute uidnumber *
    rwm-map attribute loginshell *
    rwm-map attribute gidnumber *
    rwm-map attribute userpassword *
    rwm-map attribute gecos *
    rwm-map attribute shadowlastchange *
    rwm-map attribute shadowexpire *
    rwm-map attribute homedirectory *
    rwm-map attribute shadowMin *
    rwm-map attribute shadowMax *
    rwm-map attribute shadowWarning *
    rwm-map attribute shadowInactive *
    rwm-map attribute shadowFlag *
    rwm-map attribute memberUid *
    rwm-map attribute uniqueMember *
    rwm-map attribute description *
    rwm-map attribute sn *
    rwm-map attribute givenname *
    rwm-map attribute mail *
    rwm-map attribute *
    -- end --

    all other attributes are hidden ( objectclass attribute inclusive
    ;-(( ).

    The nss ldap client is now unable to find a user since the ldap
    filter (&(uid=xyz)(objectclass=posixaccount)) always returns null
    entries.

    If you comment out the last line ( rwm-map attribute * ) then
    everything works OK, but all attributes are delivered to the
    client! We have more attributes on the "realldapserver" but we only
    want to provide the attributes needed for nss.

I have compiled the version 2.4.12 from source and the bug is gone. So I
think it would be nice to backport the patch which is in 2.4.12 to 2.4.9
( Ubuntu Version ) or to update the openldap package to 2.4.12.

Regards,

Konrad

--
Konrad Mauz
Rechenzentrum
Hochschule Technik, Wirtschaft und Gestaltung
Braunegger-Strasse 55, D 78462 Konstanz
e-mail: <email address hidden>
Tel.: +49 7531 206-472
Fax.: +49 7531 206-153
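
An added example, not part of the original comment or of OpenLDAP: a small audit for an rwm section in the style of the configuration above. It lists the attributes a client search filter references that have no explicit `rwm-map attribute` line while a bare `rwm-map attribute *` removes everything unmapped. It follows the `rwm-map` semantics documented in slapo-rwm(5); the function names and the shortened sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened form of the rwm section quoted in the report.
SAMPLE_CONF = """\
overlay rwm
rwm-rewriteEngine on
rwm-map attribute cn *
rwm-map attribute uid *
rwm-map attribute uidnumber *
rwm-map attribute *
"""

def parse_rwm_attribute_maps(conf):
    """Return (mapped, drop_rest): the explicitly mapped local attribute names
    (lowercased) and whether a bare 'rwm-map attribute *' removes the rest."""
    mapped, drop_rest = set(), False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].lower() != "rwm-map":
            continue
        if fields[1].lower() != "attribute":
            continue  # objectclass maps are outside the scope of this check
        names = fields[2:]
        if names == ["*"]:
            drop_rest = True  # local name omitted, foreign '*': unmapped names removed
        elif len(names) == 2 and names[0] != "*":
            mapped.add(names[0].lower())  # '<local> <foreign>' or '<local> *'
    return mapped, drop_rest

def filter_attributes(ldap_filter):
    """Attribute names used in simple filter items such as (uid=xyz)."""
    pattern = r"\(\s*([A-Za-z][A-Za-z0-9;.-]*)\s*[~<>]?="
    return [m.group(1).lower() for m in re.finditer(pattern, ldap_filter)]

def unmapped_filter_attributes(conf, ldap_filter):
    """Filter attributes with no explicit map line while the rest are removed."""
    mapped, drop_rest = parse_rwm_attribute_maps(conf)
    if not drop_rest:
        return []
    return [a for a in filter_attributes(ldap_filter) if a not in mapped]

if __name__ == "__main__":
    nss_filter = "(&(uid=xyz)(objectclass=posixaccount))"
    print(unmapped_filter_attributes(SAMPLE_CONF, nss_filter))
```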