[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7252) Referral Problem with SQL Backend

To: openldap-its@OpenLDAP.org
Subject: (ITS#7252) Referral Problem with SQL Backend
From: robert.eikermann@rwth-aachen.de
Date: Thu, 19 Apr 2012 11:21:05 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Robert Eikermann
Version: 2.4.23
OS: Ubuntu 11.10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (137.226.168.114)


Hi,
regarding my mail to the mailinglist:
http://www.openldap.org/lists/openldap-technical/201204/msg00053.html

I'm using openldap with SQL-Backend (Postgres). The configured referral on this
server behaves not the way it should. The bind dn of the referral is overwritten
by the bind dn (of ldapsearch).

Following are the configuration and the Log files of the LDAP Server with SQL
Backend at Loglevel -1. In the Logfile you can see the starting of the server +
the search ?ldapsearch -xLLL -h localhost:389 -b dc=sselab,dc=de?. I think at
line 4114 one can see how the referral is used.

 

 

Slapd.conf : http://pastebin.com/tvtdNaZ6

sql attribute mappings: http://image-upload.de/image/WcDeaB/fd191aa422.png

sql entries: http://image-upload.de/image/qGiBOY/51496a9462.png

sql object classes: http://image-upload.de/image/Rei0X3/4f6b2b43f5.png

sql  oc mapping: http://image-upload.de/image/TRscIQ/7141e04af6.png

sql referral: http://image-upload.de/image/LGxZKQ/28773fadf7.png

ldap Log: http://pastebin.com/N8NCyLzt


To demonstrate the behavior:

 

Search for the referral Object:

     user@user-desktop:~$ ldapsearch -M -xLLL -h localhost:389
"(objectClass=referral)" '*' ref

     dn: dc=tim,dc=sselab,dc=de

     objectClass: referral

     objectClass: extensibleObject

     dc: tim

     ref: ldap://localhost:390/dc=tim,dc=sselab,dc=de#

 

which is exactly what I want!

 

But searching all objects:

     user@user-desktop:~$ ldapsearch -xLLL -h localhost:389 -b dc=sselab,dc=de

     dn: dc=sselab,dc=de

     objectClass: dcObject

     dc: sselab

 

     ?

 

     # refldap://localhost:390/dc=sselab,dc=de??sub

 

Results with the wrong dn in refldap!

 

Search with the dc=tim DN :

     user@user-desktop:~$ ldapsearch -xLLL -h localhost:389 -b
dc=tim,dc=sselab,dc=de

     Referral (10)

     Referral: ldap://localhost:390/dc=tim,dc=sselab,dc=de??sub

 

If you need more Information please let me know.

 

Best regards

Robert Eikermann

Prev by Date: Re: ITS#7239: testbed
Next by Date: (ITS#7252)
Index(es):
- Chronological
- Thread