Issue 6364 - refint needs to have rootdn set
Summary: refint needs to have rootdn set
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: documentation (show other issues)
Version: 2.4.19
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-05 21:25 UTC by Quanah Gibson-Mount
Modified: 2014-08-01 21:04 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Quanah Gibson-Mount 2009-11-05 21:25:27 UTC 
Full_Name: Quanah Gibson-Mount
Version: 2.4.19
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)


The refint overlay doesn't necessarily work correctly without a rootdn being set
on the database it is applying to.  This requirement should be documented in the
man page.

See:

http://www.openldap.org/lists/openldap-software/200911/msg00039.html

for more info
Comment 1 Quanah Gibson-Mount 2009-11-05 21:25:36 UTC 
moved from Incoming to Documentation
Comment 2 Michael Ströder 2009-11-06 11:35:01 UTC 
quanah@OpenLDAP.org wrote:
> The refint overlay doesn't necessarily work correctly without a rootdn being set
> on the database it is applying to.  This requirement should be documented in the
> man page.

I'd argue that slapd should not even start if such a strong requirement of an
overlay is not met by configuration.

Ciao, Michael.
Comment 3 Peter Mogensen 2010-01-22 18:37:04 UTC 
This may be related.

I've veryfied that my refint overlay is not working.
However I have a rootdn defined for the database, but it is set to 
cn=config.
Could it be that the rootdn has to be in the scope of the database for 
refint to work?

slapd 2.4.20, back-hdb, BerkeleyDB 4.8.24

/Peter
Comment 4 Hallvard Furuseth 2010-12-01 03:22:49 UTC 
changed notes
changed state Open to Test
Comment 5 Hallvard Furuseth 2010-12-01 11:34:38 UTC 
Quanah Gibson-Mount wrote:
> The refint overlay doesn't necessarily work correctly without a rootdn
> being set on the database it is applying to.  This requirement should
> be documented in the man page.

Fixed in the manpage, but not in the admin guide.


Michael_Ströder wrote:
> I'd argue that slapd should not even start if such a strong
> requirement of an overlay is not met by configuration.

Leaving that for Howard, but I don't think we can do that now.
cn=config should then also refuse to delete rootdn, otherwise we'd have
the worse behavior that slapd won't start after a cn=config update.


Peter Mogensen wrote:
> I've veryfied that my refint overlay is not working.
> However I have a rootdn defined for the database, but it is set to 
> cn=config.
> Could it be that the rootdn has to be in the scope of the database for 
> refint to work?

I don't think so.  Hopefully it was ITS#6663 or ITS#6730, now fixed.

-- 
Hallvard
Comment 6 Quanah Gibson-Mount 2011-01-03 15:51:53 UTC 
changed notes
changed state Test to Release
Comment 7 Quanah Gibson-Mount 2011-02-14 12:34:23 UTC 
changed notes
changed state Release to Closed
Comment 8 OpenLDAP project 2014-08-01 21:04:10 UTC 
Fixed in HEAD
Fixed in RE24