Merge ~ahasenack/ubuntu/+source/openldap:cosmic-slapd-gssapi-apparmor-1783183 into ubuntu/+source/openldap:ubuntu/cosmic-devel
Status: | Merged |
---|---|
Approved by: | Andreas Hasenack |
Approved revision: | 88fa81d408bc03d74c091640524f67d0bff9659e |
Merged at revision: | 88fa81d408bc03d74c091640524f67d0bff9659e |
Proposed branch: | ~ahasenack/ubuntu/+source/openldap:cosmic-slapd-gssapi-apparmor-1783183 |
Merge into: | ubuntu/+source/openldap:ubuntu/cosmic-devel |
Diff against target: |
29 lines (+10/-0) 2 files modified
debian/apparmor-profile (+2/-0) debian/changelog (+8/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Seth Arnold (community) | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+357712@code.launchpad.net |
Description of the change
Add two rules to the slapd apparmor profile to allow for ldap replication using gssapi/kerberos authentication via the default_
Testing this setup is complicated, so I wrote scripts to help and configure each of the services involved in this: the kerberos server (KDC), openldap provider, and openldap consumer. The instructions are in the linked bug.
This can't land anywhere until ubnutu-DD is open, but reviews can be done already in preparation for that. As soon as DD opens, I'll make an MP for it as well.
I want to push this to Debian too, but I'd like reviews here first before doing that. Since it's not a quilt patch, there is no need to update a DEP3 header. But I'll update our changelog to close the upcoming debian bug when I have that.
I'll ask the security team to take a look at the suggested apparmor changes and get their blessing as well.
Bileto ticket and PPA: https:/
There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.
Looks good to me, thanks.