trusty verification
reproducing the bug:
slapd:
Installed: 2.4.31-1+nmu2ubuntu8.4
Candidate: 2.4.31-1+nmu2ubuntu8.4
Version table:
*** 2.4.31-1+nmu2ubuntu8.4 0
500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
As soon as the consumer is setup, the provider
xenial verification
First confirming the bug
Package on the consumer:
root@xenial-consumer:~# apt-cache policy slapd
slapd:
Installed: 2.4.42+dfsg-2ubuntu3.3
Candidate: 2.4.42+dfsg-2ubuntu3.3
Version table:
*** 2.4.42+dfsg-2ubuntu3.3 500
500 http://br.archive.ubuntu.com/ubuntu
Bionic verification
Reproducing the bug with:
root@bionic-consumer:~# apt-cache policy slapd
slapd:
Installed: 2.4.45+dfsg-1ubuntu1
Candidate: 2.4.45+dfsg-1ubuntu1
Version table:
*** 2.4.45+dfsg-1ubuntu1 500
500 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
Cosmic verification
slapd package on the consumer:
Installed: 2.4.46+dfsg-5ubuntu1
Candidate: 2.4.46+dfsg-5ubuntu1
Version table:
*** 2.4.46+dfsg-5ubuntu1 500
500 http://br.archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
Confirming failed replication attempt:
provider:
Nov 16
trusty, xenial, bionic and cosmic packages uploaded to proposed, pending
approval from the sru team.
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1783183
Title:
apparmor profile denied
** Description changed:
[Impact]
When using syncrepl replication with openldap, the consumer needs to
authenticate to the provider in order to perform the searches and fetch the
data. When this authentication is a simple bind, a simple username/password
pair is used and that can be easily
** Attachment added: "setup-consumer.sh"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1783183/+attachment/5204631/+files/setup-consumer.sh
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
** Attachment added: "setup-provider.sh"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1783183/+attachment/5204630/+files/setup-provider.sh
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
** Description changed:
[Impact]
When using syncrepl replication with openldap, the consumer needs to
authenticate to the provider in order to perform the searches and fetch the
data. When this authentication is a simple bind, a simple username/password
pair is used and that can be easily
** Description changed:
[Impact]
+ When using syncrepl replication with openldap, the consumer needs to
authenticate to the provider in order to perform the searches and fetch the
data. When this authentication is a simple bind, a simple username/password
pair is used and that can be easily
** Description changed:
+ [Impact]
+
+ * An explanation of the effects of the bug on users and
+
+ * justification for backporting the fix to the stable release.
+
+ * In addition, it is helpful, but not required, to include an
+explanation of how the upload fixes this bug.
+
+ [Test
I used this for now:
root@bionic-slapd-consumer:/etc/apparmor.d# cat local/usr.sbin.slapd
# Site-specific additions and overrides for usr.sbin.slapd.
# For more details, please see /etc/apparmor.d/local/README.
/etc/krb5/user/[0-9]*/client.keytab rk,
/tmp/krb5cc_[0-9]* rwk,
I'm checking if
Confirmed finally, sorry for the delay. I'll get this fixed.
** Changed in: openldap (Ubuntu)
Status: Triaged => In Progress
** Changed in: openldap (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of
I didn't know about default_client_keytab_name. That's definitely handy,
so no more k5start needed!
Thanks for your explanation, it makes sense. I'll give it a whirl,
because I'll need to add testing instructions to the change that will be
proposed.
** Changed in: openldap (Ubuntu)
"/etc/krb5/user/389/client.keytab" feels like a local modification you
made, to store keytab files somewhere under /etc/krb5. I suggest you add
an apparmor exception in /etc/apparmor.d/local/usr.sbin.slapd.
Unless I'm wrong and that directory is being used as a standard location
by some package.
15 matches
Mail list logo