Logged in as guest
Viewing Incoming/7461 Full headers
Major security issue: yes no
Notes: Notification:
Date: Tue, 04 Dec 2012 09:55:48 +0000 From: tioteath@gmail.com To: openldap-its@OpenLDAP.org Subject: slapo-pcache not used for ACL which contains DN pointing to the remote LDAP server
Full_Name: Tio Teath Version: 2.4.33 OS: Debian GNU Linux Wheezy URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (178.172.239.4) I'm trying to set up group ACL, which contains DN located on the remote LDAP server. I have working ldap-proxy (olcSuffix: dc=remote) with slapo-pcache up and running. I can do the following search request, and get proper result, stored in the pcache database: ldapsearch -bcn=test2,ou=group,dc=remote "(objectClass=groupOfNames)" objectClass member But whenever I trying to get access to the RDN, the ACL of which contains following group entry: 'to dn.base="ou=people,dc=local" by group.exact="cn=test2,ou=group,dc=remote" write' I can't see any activity in the log (using pcache loglevel). Looks like, for some unknown reason, pcache are totally ignored while ACLs are processed. This decreases performance dramatically, as search statements are produced for each ACL containing remote DN.
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
