I now know where my problem is coming from.
On upgrade without warning or comment the dpkg script slapd.preinst
inserts the following access rules into the new cn=config configuration
database in the "dn: olcDatabase={-1}frontend,cn=config"
olcAccess: {0}to * by
dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by *
break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
If if it's a live system and you depend on the default openldap access
rules ( * by * read ) this is a sudden and (imho rude) change. Obviously
tightening security is admirable, but some warning would be appreciated.
So the problem is not the conversion to 'cn=config' it's the debian package.
--
Ray
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
