Bug 746758

Summary: minssf should not apply to rootdse
Product: [Fedora] Fedora Reporter: Jr Aquino <jr.aquino>
Component: 389-ds-baseAssignee: Rich Megginson <rmeggins>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: 15CC: edewata, nhosoi, nkinder, rmeggins
Target Milestone: ---Keywords: screened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 768086 (view as bug list) Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 690319, 768086    

Description Jr Aquino 2011-10-17 13:33:20 EDT
Description of problem:
LDAP Standard requires that rootdse be always available anonymously and unencrypted.

389 DS prevents the lookup when minssf is set and an unencrypted query for rootdse is performed.

How reproducible:
Always

Steps to Reproduce:
1. Set minssf in dse.ldif
2. ldapsearch -x -H ldap://`hostname` -s base -b ""
3. ldap_bind: Server is unwilling to perform (53)
	additional info: Minimum SSF not met.
  
Actual results:
ldap_bind: Server is unwilling to perform (53)
	additional info: Minimum SSF not met.

Expected results:
To return results for rootdse

Additional info:
Comment 2 Rich Megginson 2012-01-09 10:35:54 EST
Upstream ticket:
https://fedorahosted.org/389/ticket/168
Comment 3 Noriko Hosoi 2012-01-18 14:13:03 EST
Fixed.

See https://fedorahosted.org/389/ticket/168#comment:8 for the steps to verify.
Comment 4 Fedora End Of Life 2012-08-06 15:56:10 EDT
This message is a notice that Fedora 15 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 15. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 15 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Fedora End Of Life 2012-08-06 15:58:29 EDT
This message is a notice that Fedora 15 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 15. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 15 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping