[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3569) Issue with multiple suffixes in a single bdb backend
Full_Name: John de Freitas
Version: 2.2.23
OS: Linux (RH 7.3 kernel 2.4.18-3)
URL:
Submission from: (NULL) (67.93.141.190)
I am running OpenLDAP 2.2.23 with Sleepycat Berkeley DB 4.3.27 as the backend.
My slapd.conf has 2 suffixes for this backend (I added the BDB_MULTIPLE_SUFFIXES
preprocessor define to servers/slapd/back-bdb/init.c). The relevant portion of
my slapd.conf is:
database bdb
suffix "dc=example,dc=com"
suffix "o=My Certificate Authority"
rootdn "dn=Manager,dc=example,dc=com"
rootpwd secret
I can add entries under the first suffix without problem; I cannot for the
second. The error reported by slapd is:
<= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
bdb_add: entry at root denied
I believe the problem is in servers/slapd/back-bdb/cache.c, in
bdb_cache_find_ndn().
The code there assumes that the current entry is for the first suffix:
/* we're searching a full DN from the root */
ptr = ndn->bv_val + ndn->bv_len -
op->o_bd->be_nsuffix[0].bv_len;
ei.bei_nrdn.bv_val = ptr;
ei.bei_nrdn.bv_len = op->o_bd->be_nsuffix[0].bv_len;
I can add using this first suffix, but in order to add entries for suffixes
2...N, the code would need to search through all op->o_bd->be_nsuffix
entries.Something like:
int i=0;
while(op->o_bd->be_nsuffix[i] != NULL) {
/* compare ndn->bv_val and op->o_bd->be_nsuffix[i]
* if match, break; if not, i++
*/
}
gdb confirms that ei.bei_nrdn.bv_val is incorrectly offset, and so the add fails
as slapd will then try to add an entry such as "cn=John,o=My Certificate
Authority" to the root, which won't be permitted.
Regards,
John de Freitas