[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3819) Strange slapd.conf diagnostic after authz-regexp



Hallvard B Furuseth wrote:
> Aha.  That solved a small mystery for me, once I looked at it
> in cn=config:
>
> The root DSE no longer uses ACLs from the first database.
> it Only uses the global ACLs and the 'database frontend' ACLs,
> because the supposedly global ACLs end up in frontendDB.
>   
Yes. This was discussed recently
http://www.openldap.org/lists/openldap-devel/200504/msg00045.html
but I don't think any course of action was decided.
> Also, rootdn/rootpw was also applied from the first database, but
> those are now taken from frontendDB and I can't get rootdn/rootpw
> from frontendDB to work.
>   

Well, rootpw makes no sense for the frontendDB. The question about 
rootdn is still open.
> Howard Chu writes:
>   
>> At the time it occurs, the current backend is the frontendDB.  (...)
>> This probably should be straightened out, but at the moment it seems
>> harmless and we have other things to worry about.
>>
>>     
>>> authz-regexp cn=x cn=y
>>> foobar
>>>
>>> gets this message from slaptest -d 64:
>>>
>>> unknown directive <foobar> inside backend database definition (ignored).
>>> (...)
>>>       
>
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support