OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/7461
Full headers

From: tioteath@gmail.com
Subject: slapo-pcache not used for ACL which contains DN pointing to the remote LDAP server
Compose comment
Download message
State:
0 replies:
0 followups:

Major security issue: yes  no

Notes:

Notification:


Date: Tue, 04 Dec 2012 09:55:48 +0000
From: tioteath@gmail.com
To: openldap-its@OpenLDAP.org
Subject: slapo-pcache not used for ACL which contains DN pointing to the remote LDAP server
Full_Name: Tio Teath
Version: 2.4.33
OS: Debian GNU Linux Wheezy
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (178.172.239.4)


I'm trying to set up group ACL, which contains DN located on the remote LDAP
server. I have working ldap-proxy (olcSuffix: dc=remote) with slapo-pcache up
and running. I can do the following search request, and get proper result,
stored in the pcache database:
ldapsearch -bcn=test2,ou=group,dc=remote "(objectClass=groupOfNames)"
objectClass member
But whenever I trying to get access to the RDN, the ACL of which contains
following group entry:
'to dn.base="ou=people,dc=local" by group.exact="cn=test2,ou=group,dc=remote"
write'
I can't see any activity in the log (using pcache loglevel). Looks like, for
some unknown reason, pcache are totally ignored while ACLs are processed.
This decreases performance dramatically, as search statements are produced for
each ACL containing remote DN.
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org