#3687 LDAP server edit_acl.cgi DN shown is truncated

1.510
closed-fixed
5
2010-06-10
2010-06-05
Ilya
No

In LDAP server > LDAP access control some entries are truncated, e.g. I have in the webmin:
All objects by dn="cn=foo,dc=mysite,dc=example,dc=net"
All objects by dn="cn=foo,dc=mysite,dc=example,dc=
Second entry is truncated.
Also, it looks like permissions are not correct for both entries.

One peculiarity, if I do "ldapsearch ... -b cn=config" the output is wrapped to a fixed width:
dn: olcDatabase={1}hdb,cn=config
...
olcAccess: {0}to attrs=userPassword by dn="cn=foo,dc=mysite,dc=example,dc=com"
write by anonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by dn="cn=foo,dc=mysite,dc=example,dc=
com" write by anonymous auth by self write by * none

... this line-wrapping coincides with Webmin's truncation.

I'm using Ubuntu Lucid Lynx 10.04, amd64

Discussion

  • Jamie Cameron

    Jamie Cameron - 2010-06-06

    If you click on an entry, does it show the DN correctly on the "Edit Access Control Rule" page?

     
  • Ilya

    Ilya - 2010-06-07

    >If you click on an entry, does it show the DN correctly on the "Edit Access
    Control Rule" page?
    No, on the edit page the DN entry is also truncated the same way as on the above page. Also, the permissions are incorrect.

     
  • Jamie Cameron

    Jamie Cameron - 2010-06-07

    So in the config files under /etc/ldap/slapd.d , doe the olcAccess lines have the correct un-truncated values?

     
  • Ilya

    Ilya - 2010-06-07

    > So in the config files under /etc/ldap/slapd.d , doe the olcAccess lines have the correct un-truncated values?

    Grep shows truncated:

    root@fs1:/etc/ldap/slapd.d# grep olcAccess -R *
    cn=config/olcDatabase={1}hdb.ldif:olcAccess: {0}to attrs=userPassword by dn="cn=foo,dc=mysite,dc=example,dc=com"
    cn=config/olcDatabase={1}hdb.ldif:olcAccess: {1}to attrs=shadowLastChange by dn="cn=foo,dc=mysite,dc=example,dc=
    cn=config/olcDatabase={1}hdb.ldif:olcAccess: {2}to dn.base="" by * read
    cn=config/olcDatabase={1}hdb.ldif:olcAccess: {3}to * by dn="cn=foo,dc=mysite,dc=example,dc=com" write by * read
    cn=config/olcDatabase={1}hdb.ldif:olcAccess: {4}to dn.subtree="" by * read
    ...
    ===================

    And ldapsearch shows broken into lines:

    dn: olcDatabase={1}hdb,cn=config
    ...
    olcAccess: {0}to attrs=userPassword by dn="cn=foo,dc=mysite,dc=example,dc=com"
    write by anonymous auth by self write by * none
    olcAccess: {1}to attrs=shadowLastChange by dn="cn=foo,dc=mysite,dc=example,dc=
    com" write by anonymous auth by self write by * none
    ===================

    Your question implies that Webmin is 1). Reads the files directly 2). Is not expecting line breaks

    Apparently OpenLDAP has line breaks in its data, and it handles it without problems.

     
  • Jamie Cameron

    Jamie Cameron - 2010-06-07

    Yes, Webmin reads those config files directly.

    Would it be possible for you to attach that config file to this bug report, so I can see exactly what truncation / splitting is happening?

     
  • Ilya

    Ilya - 2010-06-08

    Offending ldif file

     
  • Ilya

    Ilya - 2010-06-08

    >Would it be possible for you to attach that config file to this bug
    report, so I can see exactly what truncation / splitting is happening?

    Here you go.

     
  • Jamie Cameron

    Jamie Cameron - 2010-06-09

    Thanks .. I am working on a fix for this now.

     
  • Jamie Cameron

    Jamie Cameron - 2010-06-10
    • status: open --> closed-fixed
     
  • Jamie Cameron

    Jamie Cameron - 2010-06-10

    This will be fixed in Webmin 1.520 - thanks for reporting this bug.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks