ITS#6418,ITS#6424

diff --git a/CHANGES b/CHANGES
index 996ca5ec550efb624a1b95bc4be2c32631e1d6c8..96b0cec517dd698bdeb86e7c3a2ea187f54e54c1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,9 @@ OpenLDAP 2.4.21 Engineering
        Build Environment
                Deleted broken LBER_INVALID macro (ITS#6402)
                Fixed test058 kill usage (ITS#6420)
+               Fixed meta regression test (ITS#6418)
+       Documentation
+               slapd-meta(5) Note deprecated functions (ITS#6424)
 
 OpenLDAP 2.4.20 Release (2009/11/27)
        Fixed client tools with LDAP options (ITS#6283)

diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5
index 2c0bc2c964fe901bb6c481e9f851f01fb95b23d7..d6d3ef083c30efb07751ae9a3f777784acadd970 100644 (file)
--- a/doc/man/man5/slapd-meta.5
+++ b/doc/man/man5/slapd-meta.5
@@ -174,7 +174,9 @@ overridden by any per-target directive.
 This directive, when set to 
 .BR yes ,
 causes the authentication to the remote servers with the pseudo-root
-identity to be deferred until actually needed by subsequent operations.
+identity (the identity defined in each
+.B idassert-bind
+directive) to be deferred until actually needed by subsequent operations.
 Otherwise, all binds as the rootdn are propagated to the targets.
 
 .TP
@@ -539,19 +541,15 @@ specification.
 
 .TP
 .B pseudorootdn "<substitute DN in case of rootdn bind>"
-This directive, if present, sets the DN that will be substituted to
-the bind DN if a bind with the backend's "rootdn" succeeds.
-The true "rootdn" of the target server ought not be used; an arbitrary
-administrative DN should used instead.
+Deprecated; use
+.B idassert\-bind
+instead.
 
 .TP
 .B pseudorootpw "<substitute password in case of rootdn bind>"
-This directive sets the credential that will be used in case a bind
-with the backend's "rootdn" succeeds, and the bind is propagated to
-the target using the "pseudorootdn" DN.
-
-Note: cleartext credentials must be supplied here; as a consequence,
-using the pseudorootdn/pseudorootpw directives is inherently unsafe.
+Deprecated; use
+.B idassert\-bind
+instead.
 
 .TP
 .B rewrite* ...

diff --git a/tests/data/regressions/its4448/its4448 b/tests/data/regressions/its4448/its4448
index b7e97503ac06c168f77d5675ca346686c884d0b7..70715580fe83bee83e905314271f6e08582abd45 100755 (executable)
--- a/tests/data/regressions/its4448/its4448
+++ b/tests/data/regressions/its4448/its4448
@@ -297,7 +297,7 @@ fi
 
 echo "Using ldapsearch to retrieve all the entries..."
 $LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \
-                       'objectClass=*' > $SEARCHOUT 2>&1
+                       '(objectClass=*)' > $SEARCHOUT 2>&1
 RC=$?
 
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
@@ -312,7 +312,7 @@ echo "Filtering ldapsearch results..."
 echo "Filtering original ldif used to create database..."
 . $LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT
 echo "Comparing filter output..."
-$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+$BCMP $SEARCHFLT $LDIFFLT > $CMPOUT
 
 if test $? != 0 ; then
        echo "comparison failed - slapd-meta search/modification didn't succeed"

diff --git a/tests/data/regressions/its4448/slapd-meta.conf b/tests/data/regressions/its4448/slapd-meta.conf
index 86cb00166c811be7b9f30074b5700049dd23a804..575bee3c75286524f71e153c9a13b38ea022a235 100644 (file)
--- a/tests/data/regressions/its4448/slapd-meta.conf
+++ b/tests/data/regressions/its4448/slapd-meta.conf
@@ -52,7 +52,10 @@ chase-referrals      yes
 
 uri            "@URI1@o=Example,c=US"
 suffixmassage  "o=Example,c=US" "dc=example,dc=com"
-pseudorootdn   "cn=manager,dc=example,dc=com"
-pseudorootpw   secret
+idassert-bind  bindmethod=simple
+               binddn="cn=manager,dc=example,dc=com"
+               credentials=secret
+               mode=none
+idassert-authzFrom "*"
 
 #monitor#database      monitor