7461 – slapo-pcache not used for ACL which contains DN pointing to the remote LDAP server

Issue 7461 - slapo-pcache not used for ACL which contains DN pointing to the remote LDAP server

Summary: slapo-pcache not used for ACL which contains DN pointing to the remote LDAP s...

Status:	UNCONFIRMED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	overlays (show other issues)
Version:	2.4.33
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-12-04 09:55 UTC by tioteath@gmail.com
Modified:	2020-09-21 22:35 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description tioteath@gmail.com 2012-12-04 09:55:48 UTC

Full_Name: Tio Teath
Version: 2.4.33
OS: Debian GNU Linux Wheezy
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (178.172.239.4)


I'm trying to set up group ACL, which contains DN located on the remote LDAP
server. I have working ldap-proxy (olcSuffix: dc=remote) with slapo-pcache up
and running. I can do the following search request, and get proper result,
stored in the pcache database:
ldapsearch -bcn=test2,ou=group,dc=remote "(objectClass=groupOfNames)"
objectClass member
But whenever I trying to get access to the RDN, the ACL of which contains
following group entry:
'to dn.base="ou=people,dc=local" by group.exact="cn=test2,ou=group,dc=remote"
write'
I can't see any activity in the log (using pcache loglevel). Looks like, for
some unknown reason, pcache are totally ignored while ACLs are processed.
This decreases performance dramatically, as search statements are produced for
each ACL containing remote DN.

Comment 1 Quanah Gibson-Mount 2017-04-13 15:23:52 UTC

moved from Incoming to Software Bugs