[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6792) rwm with broken config suppresses LDAP response



h.b.furuseth@usit.uio.no wrote:
> Full_Name: Hallvard B Furuseth
> Version: RE24, HEAD
> OS: Linux x86_64
> URL: http://folk.uio.no/hbf/OpenLDAP/rwmhang-draft.txt
> Submission from: (NULL) (193.157.201.147)
> Submitted by: hallvard
> 
> 
> rwm suppresses the LDAP response message if rwm_response() fails.
> This hangs waiting for the response:
> 
> include  servers/slapd/schema/core.schema
> database monitor
> overlay  rwm
> rwm-rewriteEngine  on
> rwm-rewriteContext matchedDN
> # Rewrite to nonexistent $1 or broken DN
> rwm-rewriteRule    ".*time.*" "cn=test,$1" :
> rwm-rewriteRule    ".*"       "urgle"      :
> 
> ldapcompare -x cn=hello,cn=time,cn=monitor l:x
> ldapsearch  -xLLL -b   cn=hello,cn=monitor
> 
> The enclosed patch seems to fix it, but I've only looked briefly at
> what's going on.

Good catch; however, the problem might need a slightly different fix; in 
fact, yours prevents rwm_response from aborting the operation by forcing 
an "unwilling to perform" based on the contents of the referral/matched.

However, this is probably conflicting (as in many other cases in 
slapo-rwm(5)), with the fact that some operations (e.g. extended) do not 
return response directly, but delegate the frontend; or, like the bind 
operation, only return unsuccessful results directly, and delegate 
successful responses to the frontend.

p.