Since in the above I show you:

1) Why a random password gets set
2) How to set the password non-interactively
3) How to change the password

I am going to move this to incomplete and await your response as to if
further action needs to be taken. Frankly, I don't see this as a bug in
Ubuntu, other than the slight possibility of missing documentation.

Hope this all helps you,
Thanks!

** Changed in: openldap (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1742123

Title:
  obscure slapd configuration

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Hi,

  the openldap server slapd comes with two configuration options, the
  old one based on slapd.conf, and a new one based on ldifs.

  The debian/ubuntu package performs some obscure magic to generate a
  ldif based config in /etc/slapd/slapd.d, but does not provide any hint
  or documentation about how to change/adjust it. E.g. if the package
  was installed non-interactively through puppet or ansible, it is not
  obvious where the root password comes from or how to change it or how
  to re-setup.

  Furthermore it is a security gap to create something like

  dn: dc=buero,dc=danisch,dc=de
  objectClass: top
  objectClass: dcObject
  objectClass: organization
  o: buero.danisch.de
  dc: buero
  structuralObjectClass: organization
  entryUUID: 4f765744-85aa-1037-9ee9-1db94ae2a6d4
  creatorsName: cn=admin,dc=buero,dc=danisch,dc=de
  createTimestamp: 20180104145011Z
  entryCSN: 20180104145011.817411Z#000000#000#000000
  modifiersName: cn=admin,dc=buero,dc=danisch,dc=de
  modifyTimestamp: 20180104145011Z

  dn: cn=admin,dc=buero,dc=danisch,dc=de
  objectClass: simpleSecurityObject
  objectClass: organizationalRole
  cn: admin
  description: LDAP administrator
  userPassword:: e1NTSEF9aUlUVXlxNE9ZWFFuZjA1ejhqem0yWnJpY09xaGxBc0Y=
  structuralObjectClass: organizationalRole
  entryUUID: 4f79fd9a-85aa-1037-9eea-1db94ae2a6d4
  creatorsName: cn=admin,dc=buero,dc=danisch,dc=de
  createTimestamp: 20180104145011Z
  entryCSN: 20180104145011.841518Z#000000#000#000000
  modifiersName: cn=admin,dc=buero,dc=danisch,dc=de
  modifyTimestamp: 20180104145011Z

  and

  olcRootDN: cn=admin,dc=buero,dc=danisch,dc=de
  olcRootPW:: e1NTSEF9aUlUVXlxNE9ZWFFuZjA1ejhqem0yWnJpY09xaGxBc0Y=


  that contains an admin password without me ever having set it or having a
  randomly generated one.

  Since I do not see how to cleanly change this with ldapmodify, I do
  not see an option to remove this all and restart with an old-style
  slapd.conf.

  
  regards

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1742123/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
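
An added example, not part of the bug report or the Ubuntu package: it decodes the base64 `olcRootPW::` value quoted in the bug description to show it is an `{SSHA}` salted SHA-1 string, then builds the `ldapmodify` change records that replace the hash in both places the report shows it. The function names and the config DN `olcDatabase={1}mdb,cn=config` are assumptions; check the real DN under `cn=config` on your host.

```python
import base64
import hashlib
import hmac
import os

# Value copied from the bug description; "attr::" in LDIF means base64-encoded.
PAGE_LINE = "olcRootPW:: e1NTSEF9aUlUVXlxNE9ZWFFuZjA1ejhqem0yWnJpY09xaGxBc0Y="

def decode_ldif_value(line):
    """Return (attribute, value), decoding the 'attr:: base64' LDIF form."""
    attr, _, value = line.strip().partition(":")
    if value.startswith(":"):
        return attr, base64.b64decode(value[1:].strip()).decode()
    return attr, value.strip()

def ssha_parts(stored):
    """Split an {SSHA} string into (sha1_digest, salt)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return raw[:20], raw[20:]

def ssha_hash(password, salt=None):
    """{SSHA} = base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def rootpw_change_ldif(new_hash, config_db_dn, admin_dn):
    """One modify record per location that holds the hash in the report."""
    targets = [(config_db_dn, "olcRootPW"), (admin_dn, "userPassword")]
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\nreplace: {attr}\n{attr}: {new_hash}\n"
        for dn, attr in targets)

if __name__ == "__main__":
    attr, value = decode_ldif_value(PAGE_LINE)
    digest, salt = ssha_parts(value)
    print(attr, "uses {SSHA} with a", len(salt), "byte salt")
    new_hash = ssha_hash("constructed-example-password")  # constructed sample
    print(rootpw_change_ldif(
        new_hash,
        "olcDatabase={1}mdb,cn=config",        # assumed DN, verify locally
        "cn=admin,dc=buero,dc=danisch,dc=de"))  # admin DN from the report
```

The two records usually need different credentials: the `cn=config` record is applied by whoever the config database ACL allows, and the admin entry by an identity with write access to `userPassword` in the data database.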
