5647 – problem with ldap backend / rwm overlay

Issue 5647 - problem with ldap backend / rwm overlay

Summary: problem with ldap backend / rwm overlay

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-08 04:03 UTC by brett.maxfield@gmail.com
Modified:	2014-08-01 21:04 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description brett.maxfield@gmail.com 2008-08-08 04:03:20 UTC

Full_Name: Brett Maxfield
Version: slapd 2.4.11 (Jul 29 2008 19:56:20)
OS: SunOS qgdmzmlr01 5.10 Generic_127111-11 sun4v sparc SUNW,Sun-Fire-T200
URL: 
Submission from: (NULL) (203.18.108.168)


I am trying to setup a ldap backend which is a filtered view of another larger
parent directory, with respect to exposing fewer object classes and attributes.

The intent is to present a simpler view of the larger directory, and the config
below works, except for when i uncomment the line containing "rwm-map attribute
*", to hide the attributes i do not want visible, but after that it stops
returning any entries at all for any query. So may be there is some important
openldap attribute i am nuking ?

The below config works, until the "rwm-map attribute *" line is uncommented, the
ldap backend stops returning any entries. Pierangelo Masarati on the list stated
:

<quote>
Yes, I fear that's hiding the objectClass attribute, which is required for
internal operations.  On the other hand, you can't simply tell back-ldap to
preserve that attribute, because mapping objectClass is not allowed.  I suggest
you file an ITS so that this problem can be fixed.
</quote>

I have tried mapping the "rwm-map attribute objectClass *", and as Perangelo
states, the error is "objectclass attribute cannot be mapped". If this is true,
then the usability of rwm-map attribute is extremely compromised, and probably
unusable?

The structure of the parent directory is :

c=AU
    o=My Org 1
        ou=My Unit 1
    o=My Org 2
        ou=My Unit 2

Config is :

database        ldap
suffix          "c=AU"
uri             "ldap://<parent ip>:<parent port>/"
overlay         rwm
lastmod         off

# attribute maps (ok except for final "rwm-map attribute *" map)
rwm-map attribute cn *
rwm-map attribute sn *
rwm-map attribute mail *
rwm-map attribute c *
rwm-map attribute o *
rwm-map attribute ou *

# does not like this, it stops any entries being returned
#rwm-map attribute *

# objectclass maps (ok)
rwm-map objectclass top *
rwm-map objectclass country *
rwm-map objectclass organization *
rwm-map objectclass organizationalRole *
rwm-map objectclass organizationalPerson *
rwm-map objectclass organizationalUnit *
rwm-map objectclass *

Comment 1 ando@openldap.org 2008-08-09 08:49:38 UTC

changed notes
changed state Open to Test
moved from Incoming to Software Bugs

Comment 2 ando@openldap.org 2008-08-09 08:54:51 UTC

changed notes

Comment 3 ando@openldap.org 2008-08-09 09:02:02 UTC

Should be fixed now in HEAD, for both slapo-rwm and slapd-meta.  Please test.

p.

Comment 4 brett.maxfield@gmail.com 2008-08-09 12:34:46 UTC

Works exactly as it should, extra attributes are now hidden :)

Thanks very much.

Brett

On Sat, Aug 9, 2008 at 7:02 PM, Pierangelo Masarati <
openldap-its@openldap.org> wrote:

> Should be fixed now in HEAD, for both slapo-rwm and slapd-meta.  Please
> test.
>
> p.
>

Comment 5 Quanah Gibson-Mount 2008-09-03 00:11:53 UTC

changed notes
changed state Test to Release

Comment 6 ando@openldap.org 2008-10-15 15:56:42 UTC

changed notes
changed state Release to Closed

Comment 7 OpenLDAP project 2014-08-01 21:04:16 UTC

slapo-rwm & slapd-meta fixed in HEAD
slapo-rwm & slapd-meta fixed in RE24