Commit c60e8e4e authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6418,ITS#6424

parent 9b1b2841
......@@ -14,6 +14,9 @@ OpenLDAP 2.4.21 Engineering
Build Environment
Deleted broken LBER_INVALID macro (ITS#6402)
Fixed test058 kill usage (ITS#6420)
Fixed meta regression test (ITS#6418)
Documentation
slapd-meta(5) Note deprecated functions (ITS#6424)
OpenLDAP 2.4.20 Release (2009/11/27)
Fixed client tools with LDAP options (ITS#6283)
......
......@@ -174,7 +174,9 @@ overridden by any per-target directive.
This directive, when set to
.BR yes ,
causes the authentication to the remote servers with the pseudo-root
identity to be deferred until actually needed by subsequent operations.
identity (the identity defined in each
.B idassert-bind
directive) to be deferred until actually needed by subsequent operations.
Otherwise, all binds as the rootdn are propagated to the targets.
.TP
......@@ -539,19 +541,15 @@ specification.
.TP
.B pseudorootdn "<substitute DN in case of rootdn bind>"
This directive, if present, sets the DN that will be substituted to
the bind DN if a bind with the backend's "rootdn" succeeds.
The true "rootdn" of the target server ought not be used; an arbitrary
administrative DN should used instead.
Deprecated; use
.B idassert\-bind
instead.
.TP
.B pseudorootpw "<substitute password in case of rootdn bind>"
This directive sets the credential that will be used in case a bind
with the backend's "rootdn" succeeds, and the bind is propagated to
the target using the "pseudorootdn" DN.
Note: cleartext credentials must be supplied here; as a consequence,
using the pseudorootdn/pseudorootpw directives is inherently unsafe.
Deprecated; use
.B idassert\-bind
instead.
.TP
.B rewrite* ...
......
......@@ -297,7 +297,7 @@ fi
echo "Using ldapsearch to retrieve all the entries..."
$LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \
'objectClass=*' > $SEARCHOUT 2>&1
'(objectClass=*)' > $SEARCHOUT 2>&1
RC=$?
test $KILLSERVERS != no && kill -HUP $KILLPIDS
......@@ -312,7 +312,7 @@ echo "Filtering ldapsearch results..."
echo "Filtering original ldif used to create database..."
. $LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT
echo "Comparing filter output..."
$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
$BCMP $SEARCHFLT $LDIFFLT > $CMPOUT
if test $? != 0 ; then
echo "comparison failed - slapd-meta search/modification didn't succeed"
......
......@@ -52,7 +52,10 @@ chase-referrals yes
uri "@URI1@o=Example,c=US"
suffixmassage "o=Example,c=US" "dc=example,dc=com"
pseudorootdn "cn=manager,dc=example,dc=com"
pseudorootpw secret
idassert-bind bindmethod=simple
binddn="cn=manager,dc=example,dc=com"
credentials=secret
mode=none
idassert-authzFrom "*"
#monitor#database monitor
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment