ITS#6418,ITS#6424

c60e8e4e · Quanah Gibson-Mount · 9b1b2841 · c60e8e4e · c60e8e4e · c60e8e4e
Commit c60e8e4e authored Dec 15, 2009 by Quanah Gibson-Mount
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,9 @@ OpenLDAP 2.4.21 Engineering
 	Build Environment
 		Deleted broken LBER_INVALID macro (ITS#6402)
 		Fixed test058 kill usage (ITS#6420)
+		Fixed meta regression test (ITS#6418)
+	Documentation
+		slapd-meta(5) Note deprecated functions (ITS#6424)

 OpenLDAP 2.4.20 Release (2009/11/27)
 	Fixed client tools with LDAP options (ITS#6283)

--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -174,7 +174,9 @@ overridden by any per-target directive.
 This directive, when set to 
 .BR yes ,
 causes the authentication to the remote servers with the pseudo-root
-identity to be deferred until actually needed by subsequent operations.
+identity (the identity defined in each
+.B idassert-bind
+directive) to be deferred until actually needed by subsequent operations.
 Otherwise, all binds as the rootdn are propagated to the targets.

 .TP
@@ -539,19 +541,15 @@ specification.

 .TP
 .B pseudorootdn "<substitute DN in case of rootdn bind>"
-This directive, if present, sets the DN that will be substituted to
-the bind DN if a bind with the backend's "rootdn" succeeds.
-The true "rootdn" of the target server ought not be used; an arbitrary
-administrative DN should used instead.
+Deprecated; use
+.B idassert\-bind
+instead.

 .TP
 .B pseudorootpw "<substitute password in case of rootdn bind>"
-This directive sets the credential that will be used in case a bind
-with the backend's "rootdn" succeeds, and the bind is propagated to
-the target using the "pseudorootdn" DN.
-
-Note: cleartext credentials must be supplied here; as a consequence,
-using the pseudorootdn/pseudorootpw directives is inherently unsafe.
+Deprecated; use
+.B idassert\-bind
+instead.

 .TP
 .B rewrite* ...

--- a/tests/data/regressions/its4448/its4448
+++ b/tests/data/regressions/its4448/its4448
@@ -297,7 +297,7 @@ fi

 echo "Using ldapsearch to retrieve all the entries..."
 $LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \
-			'objectClass=*' > $SEARCHOUT 2>&1
+			'(objectClass=*)' > $SEARCHOUT 2>&1
 RC=$?

 test $KILLSERVERS != no && kill -HUP $KILLPIDS
@@ -312,7 +312,7 @@ echo "Filtering ldapsearch results..."
 echo "Filtering original ldif used to create database..."
 . $LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT
 echo "Comparing filter output..."
-$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+$BCMP $SEARCHFLT $LDIFFLT > $CMPOUT

 if test $? != 0 ; then
 	echo "comparison failed - slapd-meta search/modification didn't succeed"

--- a/tests/data/regressions/its4448/slapd-meta.conf
+++ b/tests/data/regressions/its4448/slapd-meta.conf
@@ -52,7 +52,10 @@ chase-referrals	yes

 uri		"@URI1@o=Example,c=US"
 suffixmassage	"o=Example,c=US" "dc=example,dc=com"
-pseudorootdn	"cn=manager,dc=example,dc=com"
-pseudorootpw	secret
+idassert-bind	bindmethod=simple
+		binddn="cn=manager,dc=example,dc=com"
+		credentials=secret
+		mode=none
+idassert-authzFrom "*"

 #monitor#database	monitor