[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4086) rwm-mapping problem

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4086) rwm-mapping problem
From: ando@sys-net.it
Date: Thu, 13 Oct 2005 20:49:04 GMT

I've committed a fix that temporarily solves your problem - i.e. no more
core dumps.

However I think that part of the code needs some review.  In fact, if
you map some attributes to nothing, and they're used in a filter, it is
unclear (to me) what would be the most appropriate behavior.  If the
related assertion is (silently) removed from the filter, the semantics
of the filter is changed; so it may seem appropriate to reject the
operation.  The fix just committed returns LDAP_OTHER since the current
behavior reflects the fact that it is the result of an implementation
specific error condition.

Another approach would be to turn that assertion into an undefined
filter, letting the operation to continue accordingly.  I currently
favor this second option, but it may require a bit more work.

p.

On Thu, 2005-10-13 at 12:56 +0000, dwanek@state.nd.us wrote:
> Full_Name: Dan Wanek
> Version: 2.3.9
> OS: Debian Linux - kernel 2.6..12.2
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (165.234.84.220)
> 
> 
> I am setting up a OpenLDAP front-end proxy that allows limited access to an
> Active Directory target server and am a little stumped on an issue that keeps
> causing an Abort to the OpenLDAP proxy.  Any time a search filter is sent
> through that is mapped to nothing the server will abort.  Here are my mappings:
> 
> overlay rwm
> rwm-map objectclass  account user
> rwm-map attribute    uid     sAMAccountname
> rwm-map attribute    cn      name
> rwm-map attribute    sn      sn
> rwm-map attribute    mail    mail
> rwm-map attribute    ou      company
> rwm-map attribute    entry   entry
> rwm-map attribute    *
> 
> So if I specify a search query that I DONâ??T want users to access such as
> (telephoneNumber=8888*) the OpenLDAP server will abort with the following:
> 
> slapd: result.c:538: slap_send_ldap_result: Assertion `!((rs->sr_err)<0)'
> failed.
> Aborted
> 
> If I add the attribute that is breaking the server to the rwm-map list, like the
> following, it works fine but I donâ??t want users to have access to that
> attribute, so Iâ??m a little stuck.
> rwm-map attribute    telephoneNumber  telephoneNumber
> 
> I get the error with the MS Outlook address book and using the ldapsearch
> command directly.
> 
> Any advice would be appreciated.
> 
> BTW, Iâ??m using OpenLDAP version 2.3.9 on Debian Linux
> 
> --
> Dan Wanek

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: (ITS#4078) test001 fails on sparcv9
Next by Date: Re: (ITS#4086) rwm-mapping problem
Index(es):
- Chronological
- Thread