Public bug reported:

Hi,

the openldap server slapd comes with two configuration options, the old
one based on slapd.conf, and a new one based on ldifs.

The debian/ubuntu package performs some obscure magic to generate a ldif
based config in /etc/slapd/slapd.d, but does not provide any hint or
documentation about how to change/adjust it. E.g. if the package was
installed non-interactively through puppet or ansible, it is not obvious
where the root password comes from or how to change it or how to re-setup.

Furthermore it is a security gap to create something like

dn: dc=buero,dc=danisch,dc=de
objectClass: top
objectClass: dcObject
objectClass: organization
o: buero.danisch.de
dc: buero
structuralObjectClass: organization
entryUUID: 4f765744-85aa-1037-9ee9-1db94ae2a6d4
creatorsName: cn=admin,dc=buero,dc=danisch,dc=de
createTimestamp: 20180104145011Z
entryCSN: 20180104145011.817411Z#000000#000#000000
modifiersName: cn=admin,dc=buero,dc=danisch,dc=de
modifyTimestamp: 20180104145011Z

dn: cn=admin,dc=buero,dc=danisch,dc=de
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9aUlUVXlxNE9ZWFFuZjA1ejhqem0yWnJpY09xaGxBc0Y=
structuralObjectClass: organizationalRole
entryUUID: 4f79fd9a-85aa-1037-9eea-1db94ae2a6d4
creatorsName: cn=admin,dc=buero,dc=danisch,dc=de
createTimestamp: 20180104145011Z
entryCSN: 20180104145011.841518Z#000000#000#000000
modifiersName: cn=admin,dc=buero,dc=danisch,dc=de
modifyTimestamp: 20180104145011Z

and

olcRootDN: cn=admin,dc=buero,dc=danisch,dc=de
olcRootPW:: e1NTSEF9aUlUVXlxNE9ZWFFuZjA1ejhqem0yWnJpY09xaGxBc0Y=

that contains an admin password without me ever having set it or having a
randomly generated one.

Since I do not see how to cleanly change this with ldapmodify, I do not
see an option to remove this all and restart with an old-style
slapd.conf.
regards

** Affects: openldap (Ubuntu)
     Importance: Undecided
         Status: New
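The two base64 values quoted above are ordinary LDIF "attr:: value" encodings of an {SSHA} password hash, which is what slappasswd emits by default. The following is an added example (not code from the reporter, the openldap project or the Debian/Ubuntu packaging) that decodes such a value, verifies a password you believe was preseeded against it, and builds the ldapmodify input that replaces olcRootPW with a fresh hash, which is the "clean change with ldapmodify" the report asks about. It assumes the debconf-generated database sits at olcDatabase={1}mdb,cn=config (the name differs on older releases that used hdb); the passwords and salt in the code are constructed sample values.

```python
import base64
import hashlib
import hmac
import os

# The base64 LDIF value quoted in the bug report for userPassword:: and
# olcRootPW:: (both entries carry the same hash in the generated config).
REPORTED_USERPASSWORD_B64 = "e1NTSEF9aUlUVXlxNE9ZWFFuZjA1ejhqem0yWnJpY09xaGxBc0Y="

# Assumption: the debconf-generated database is olcDatabase={1}mdb; confirm
# with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcRootDN` first.
CONFIG_DB_DN = "olcDatabase={1}mdb,cn=config"


def decode_ldif_b64(value):
    """Decode the 'attr:: value' (base64) form used in slapd.d LDIF files."""
    return base64.b64decode(value).decode("utf-8")


def ssha_parts(stored):
    """Split a {SSHA} value into (sha1_digest, salt)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value: %r" % stored[:8])
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt


def ssha_hash(password, salt=None):
    """Build an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt).
    A 4-byte random salt matches what slappasswd emits by default."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Constant-time check of a password against a stored {SSHA} value, e.g. to
    confirm that the password you preseeded is really the one in olcRootPW."""
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_modify_ldif(new_hash, db_dn=CONFIG_DB_DN):
    """LDIF for ldapmodify that replaces olcRootPW on the config database.
    Only the hash goes into the file, never the cleartext password."""
    return (
        "dn: %s\n"
        "changetype: modify\n"
        "replace: olcRootPW\n"
        "olcRootPW: %s\n" % (db_dn, new_hash)
    )


if __name__ == "__main__":
    stored = decode_ldif_b64(REPORTED_USERPASSWORD_B64)
    digest, salt = ssha_parts(stored)
    print("stored value:", stored, "(scheme {SSHA}, %d-byte salt)" % len(salt))
    # Constructed sample passphrase; verify only passwords you set yourself.
    fresh = ssha_hash("example-passphrase")
    print("fresh hash verifies:", ssha_verify("example-passphrase", fresh))
    print(rootpw_modify_ldif(fresh))
```

Write the generated LDIF to a file and apply it as root over the local socket, which the Debian/Ubuntu configuration authorises via SASL EXTERNAL: `ldapmodify -Y EXTERNAL -H ldapi:/// -f rootpw.ldif`. The matching userPassword on cn=admin,dc=... must be changed separately (for example with `ldappasswd`), since olcRootPW only covers binds as the rootdn. `slapcat -n 0` dumps the live cn=config for inspection, and `dpkg-reconfigure slapd` is the packaging's supported way to regenerate the database and admin password from scratch.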

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1742123

Title:
  obscure slapd configuration

Status in openldap package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1742123/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
