From c60e8e4e19f6b80f657cf3fc28a9f07e58b58aa8 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Tue, 15 Dec 2009 21:37:39 +0000 Subject: [PATCH] ITS#6418,ITS#6424 --- CHANGES | 3 +++ doc/man/man5/slapd-meta.5 | 20 +++++++++---------- tests/data/regressions/its4448/its4448 | 4 ++-- .../data/regressions/its4448/slapd-meta.conf | 7 +++++-- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index 996ca5ec55..96b0cec517 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,9 @@ OpenLDAP 2.4.21 Engineering Build Environment Deleted broken LBER_INVALID macro (ITS#6402) Fixed test058 kill usage (ITS#6420) + Fixed meta regression test (ITS#6418) + Documentation + slapd-meta(5) Note deprecated functions (ITS#6424) OpenLDAP 2.4.20 Release (2009/11/27) Fixed client tools with LDAP options (ITS#6283) diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index 2c0bc2c964..d6d3ef083c 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -174,7 +174,9 @@ overridden by any per-target directive. This directive, when set to .BR yes , causes the authentication to the remote servers with the pseudo-root -identity to be deferred until actually needed by subsequent operations. +identity (the identity defined in each +.B idassert-bind +directive) to be deferred until actually needed by subsequent operations. Otherwise, all binds as the rootdn are propagated to the targets. .TP @@ -539,19 +541,15 @@ specification. .TP .B pseudorootdn "" -This directive, if present, sets the DN that will be substituted to -the bind DN if a bind with the backend's "rootdn" succeeds. -The true "rootdn" of the target server ought not be used; an arbitrary -administrative DN should used instead. +Deprecated; use +.B idassert\-bind +instead. .TP .B pseudorootpw "" -This directive sets the credential that will be used in case a bind -with the backend's "rootdn" succeeds, and the bind is propagated to -the target using the "pseudorootdn" DN. - -Note: cleartext credentials must be supplied here; as a consequence, -using the pseudorootdn/pseudorootpw directives is inherently unsafe. +Deprecated; use +.B idassert\-bind +instead. .TP .B rewrite* ... diff --git a/tests/data/regressions/its4448/its4448 b/tests/data/regressions/its4448/its4448 index b7e97503ac..70715580fe 100755 --- a/tests/data/regressions/its4448/its4448 +++ b/tests/data/regressions/its4448/its4448 @@ -297,7 +297,7 @@ fi echo "Using ldapsearch to retrieve all the entries..." $LDAPSEARCH -S "" -b "$METABASEDN" -h $LOCALHOST -p $PORT3 \ - 'objectClass=*' > $SEARCHOUT 2>&1 + '(objectClass=*)' > $SEARCHOUT 2>&1 RC=$? test $KILLSERVERS != no && kill -HUP $KILLPIDS @@ -312,7 +312,7 @@ echo "Filtering ldapsearch results..." echo "Filtering original ldif used to create database..." . $LDIFFILTER < $METACONCURRENCYOUT > $LDIFFLT echo "Comparing filter output..." -$CMP $SEARCHFLT $LDIFFLT > $CMPOUT +$BCMP $SEARCHFLT $LDIFFLT > $CMPOUT if test $? != 0 ; then echo "comparison failed - slapd-meta search/modification didn't succeed" diff --git a/tests/data/regressions/its4448/slapd-meta.conf b/tests/data/regressions/its4448/slapd-meta.conf index 86cb00166c..575bee3c75 100644 --- a/tests/data/regressions/its4448/slapd-meta.conf +++ b/tests/data/regressions/its4448/slapd-meta.conf @@ -52,7 +52,10 @@ chase-referrals yes uri "@URI1@o=Example,c=US" suffixmassage "o=Example,c=US" "dc=example,dc=com" -pseudorootdn "cn=manager,dc=example,dc=com" -pseudorootpw secret +idassert-bind bindmethod=simple + binddn="cn=manager,dc=example,dc=com" + credentials=secret + mode=none +idassert-authzFrom "*" #monitor#database monitor -- 2.39.5