Also, should the edits made to the the olcDatabase={-1}frontend.ldif file include granting
to dn.base="" by * read'
permissions, too? It appears that that statement exists in (for example) the Hardy version of slapd.conf, but the slapd.conf -> slapd.d conversion migrates it to the olcDatabase={1}hdb.ldif file only.
In slapd 2.4.21-0ubuntu4, the slapd.init.ldif f was edited to include that access in the dn: olcDatabase={-1}frontend,cn=config section (LP#427842), but no attempt was made to get that permission fixed up after a the slapd.conf -> slapd.d conversion.
(LPb#427842 also includes a
to dn.base="cn=subschema" by * read
permission line. I don't see that line in my old slpad.conf file, but based on the discussion in that bug, I'm wondering if the postinst script should be adding it to the {-1}frontend.ldif file as well?)
Also, should the edits made to the the olcDatabase= {-1}frontend. ldif file include granting {1}hdb. ldif file only.
to dn.base="" by * read'
permissions, too? It appears that that statement exists in (for example) the Hardy version of slapd.conf, but the slapd.conf -> slapd.d conversion migrates it to the olcDatabase=
In slapd 2.4.21-0ubuntu4, the slapd.init.ldif f was edited to include that access in the dn: olcDatabase= {-1}frontend, cn=config section (LP#427842), but no attempt was made to get that permission fixed up after a the slapd.conf -> slapd.d conversion.
(LPb#427842 also includes a "cn=subschema" by * read
to dn.base=
permission line. I don't see that line in my old slpad.conf file, but based on the discussion in that bug, I'm wondering if the postinst script should be adding it to the {-1}frontend.ldif file as well?)
Nathan