Your message dated Tue, 18 Jul 2006 15:17:33 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#370550: fixed in openldap2.3 2.3.24-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: slapd
Version: 2.2.23-8
Severity: minor

In order for password aging to work with LDAP, a user has to be able to both read and change the "shadowLastChange" field in their user object.

I suggest the following be included in the default slapd.conf file, possibly commented-out by default.

 access to attrs=shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by self write
        by * read

It seems it should be possible to just add this field to the attrs list (after "userPassword") that limits access to reading the password, but it doesn't work there for some reason I don't understand.

                                          Brian
                                 ( [EMAIL PROTECTED] )

-------------------------------------------------------------------------------
We've all had "bad experiences", but there is no such thing as bad experience.


--- End Message ---
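
The access rule requested in the report above, shown in context as an added example (not taken from the Debian package or from the reporter's configuration). The DNs are the placeholders used in the report, and the surrounding userPassword and catch-all rules are assumed for illustration.

```conf
# Constructed slapd.conf excerpt (OpenLDAP 2.x syntax); DNs are placeholders.
# slapd uses the first "access to" whose target matches the attribute, then
# the first matching "by" clause; every rule ends with an implicit
# "by * none". The "access" keyword must start in column 1, and
# continuation lines must start with whitespace.

# Password hashes: anonymous may only bind (auth); nobody else may read.
access to attrs=userPassword
        by dn="cn=admin,dc=example,dc=com" write
        by anonymous auth
        by self write
        by * none

# Password aging: the owner updates the date after a password change, and
# clients that evaluate expiry can read it. Because of "by self write" the
# value is owner-controlled, so expiry derived from it is advisory.
access to attrs=shadowLastChange
        by dn="cn=admin,dc=example,dc=com" write
        by self write
        by * read

# Catch-all. It has to come after the two attribute rules: listed first, it
# would match shadowLastChange and the rule above would never be consulted,
# leaving users with read-only access to their own aging field.
access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * read

# Alternative (kept commented out): folding the attribute into the password
# rule also grants self write, but its "by * none" hides shadowLastChange
# from every identity except the owner and the admin.
#access to attrs=userPassword,shadowLastChange
#        by dn="cn=admin,dc=example,dc=com" write
#        by anonymous auth
#        by self write
#        by * none
```
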
--- Begin Message ---
Source: openldap2.3
Source-Version: 2.3.24-2

We believe that the bug you reported is fixed in the latest version of
openldap2.3, which is due to be installed in the Debian FTP archive:

ldap-utils_2.3.24-2_i386.deb
  to pool/main/o/openldap2.3/ldap-utils_2.3.24-2_i386.deb
libldap-2.3-0_2.3.24-2_i386.deb
  to pool/main/o/openldap2.3/libldap-2.3-0_2.3.24-2_i386.deb
openldap2.3_2.3.24-2.diff.gz
  to pool/main/o/openldap2.3/openldap2.3_2.3.24-2.diff.gz
openldap2.3_2.3.24-2.dsc
  to pool/main/o/openldap2.3/openldap2.3_2.3.24-2.dsc
slapd_2.3.24-2_i386.deb
  to pool/main/o/openldap2.3/slapd_2.3.24-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthijs Mohlmann <[EMAIL PROTECTED]> (supplier of updated openldap2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 17 Jul 2006 18:22:45 +0200
Source: openldap2.3
Binary: slapd ldap-utils libldap-2.3-0
Architecture: source i386
Version: 2.3.24-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenLDAP Maintainers <[EMAIL PROTECTED]>
Changed-By: Matthijs Mohlmann <[EMAIL PROTECTED]>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.3-0 - OpenLDAP libraries
 slapd      - OpenLDAP server (slapd)
Closes: 261696 292845 304488 306435 318143 319477 349011 354450 365172 367981 369352 370013 370550 372194 373233 378565
Changes: 
 openldap2.3 (2.3.24-2) unstable; urgency=low
 .
   * Switch slapd from running as root to running as user.
    (Closes: #292845, #261696)
   * Changing configuration in slapd.conf by the postinst will now also follow
     includes. (Closes: #304488)
   * Patches by Quanah Gibson-Mount <[EMAIL PROTECTED]>
     - fix a lock bug with a virtual root entry in the BDB backend.
     - fix boolean logic in the overlays.
     - fix that slurpd can use ldaps.
     - fix initialization of auditdb.
     - fix TLS concurrency issues.
     - fix exop password change that didn't reset pwdMustChange.
     - fix syncrepl that fails when no rootdn is defined.
   * Add dependency on adduser.
   * Specify the PATH variable in the init script. (Closes: #367981)
   * Added patch to read config before dropping privileges.
   * epoll(4) system call is missing on kernels <2.6, this causes slapd to
     not work on 2.4 kernels. Added patch that removes the #define in
     portable.in (Closes: #369352, #372194, #373233)
   * In 2.3.24 slapd won't segfault if the moduleload directive appears
     somewhere else. (Closes: #349011)
   * Removed fileutils dependency, it's superseded in Sarge already.
     (Closes: #370013)
   * Use find in combination with mv to move an old directory away.
     (Closes: #306435)
   * Updated Dutch debconf translation (Closes: #365172)
   * Added an example backup script that can be put into cron (Closes: #319477)
   * Make the db directories 0700. On new installations this is the default.
     (Closes: #354450)
   * Get rid of a '.' in front of a domain. (Closes: #318143)
   * Added shadowLastChange to the ACL in the default slapd.conf
     (Closes: #370550)
   * Updated Japanese translation (Closes: #378565)
Files: 
 a03af2424e48a82e70b81e8ed27b21a9 1193 net optional openldap2.3_2.3.24-2.dsc
 e5f6f6139443603acb0227fe76c173d8 132265 net optional openldap2.3_2.3.24-2.diff.gz
 0e7b896ed4641d213f3423e9d562d516 1155294 net optional slapd_2.3.24-2_i386.deb
 5ebae2129d63160e2055a0a99418dd65 151744 net optional ldap-utils_2.3.24-2_i386.deb
 fa696cf3e984221ee48ea96c0de7ea49 264624 libs important libldap-2.3-0_2.3.24-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEvV3TdQgHtVUb5EcRAt1sAJwLbKat9Bz8enB7mO+uXh8H3COJeACcDiTC
MCYqmV5F9F3CA9Yq/073zO8=
=MDOj
-----END PGP SIGNATURE-----


--- End Message ---
