Muehlenhoff has submitted this change and it was merged.

Change subject: Enable deref overlay
Enable deref overlay

There are plenty of

  slap_global_control: unrecognized control: 1.3.6.1.4.1.4203.666.5.16

entries logged on seaborgium and serpens. These are caused by LDAP clients using the LDAP dereference control as described in https://tools.ietf.org/html/draft-masarati-ldap-deref-00.

This can be reproduced with e.g.

  ldapsearch (...) -E deref=uniqueMember:uid cn="Directory Managers"

The available controls can be shown with

  ldapsearch -xLLL -b "" -s base supportedControl

The configure script in the openldap package in Debian is wrong; the deref overlay _is_ built as a module by default, explicitly passing --enable-deref to the configure script is not needed.

I've tested this in vagrant and the overlay works fine.

Change-Id: I22bb5945c717cd64780edf131965ae0a10a2e3c6
---
M modules/openldap/templates/slapd.erb
1 file changed, 3 insertions(+), 0 deletions(-)

Approvals:
  Muehlenhoff: Verified; Looks good to me, approved
  Alexandros Kosiaris: Looks good to me, but someone else must approve

diff --git a/modules/openldap/templates/slapd.erb b/modules/openldap/templates/slapd.erb index 204bd0b..dd36c95 100644 --- a/modules/openldap/templates/slapd.erb +++ b/modules/openldap/templates/slapd.erb @@ -38,6 +38,7 @@ moduleload syncprov moduleload auditlog moduleload ppolicy +moduleload deref # Maximum number of entries that is returned for a search operation <% if @size_limit then %> 
@@ -80,6 +81,8 @@ overlay auditlog auditlog /var/lib/ldap/slapd-audit.log +overlay deref + ####################################################################### ## Password policy (default is to store passwords in plaintext) # This policy will store passwords an unsalted SHA1 hashes.

--
To view, visit https://gerrit.wikimedia.org/r/257866

Gerrit-MessageType: merged
Gerrit-Change-Id: I22bb5945c717cd64780edf131965ae0a10a2e3c6
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
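
Review bot: the `moduleload deref` line added in the first hunk (@@ -38,6 +38,7 @@) has no comment, so the reason for loading it (clients sending control 1.3.6.1.4.1.4203.666.5.16) is recorded only in the commit message. A one-line comment above it in the template, naming the LDAP dereference control, would keep that context for whoever edits the module list next. The load is also unconditional, unlike the `<% if @size_limit then %>` block that follows it, so every host rendering this template needs a slapd package that ships the deref module; the commit message says the Debian build does, and that assumption is worth stating in the same comment.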
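
Review bot: the `overlay deref` line in the second hunk (@@ -80,6 +81,8 @@) is added with no explanatory comment, and the only verification mentioned is a manual test in vagrant. Because the control lets one search return attributes of the entries that a DN-valued attribute points to (the commit message's example asks for uid via uniqueMember), please confirm that the existing access rules on those referenced entries are the ones you want applied here, and add a short comment above the overlay line saying why it is enabled. After deployment, the `ldapsearch -xLLL -b "" -s base supportedControl` query from the commit message should list 1.3.6.1.4.1.4203.666.5.16, which makes a simple post-merge check.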
