
Re: (ITS#4027) Requesting critical manageDSAit control with back-meta results in err=32

OK, after some head-scratching, it became apparent that this bug is due 
to select_backend's behavior with the manageDSAit control. If it 
receives a request for a DN that is exactly equal to a database suffix, 
and there is a subsequent database with a superior suffix, then the 
exactly matching suffix is skipped. This behavior was added for ITS#851 
(Ancient, in the archives:
) because the user needed to be able to create referrals in the parent 
database to point to the subordinate databases.

The current behavior doesn't seem very helpful, especially now that 
subordinate/glue makes the original ITS#851 problem irrelevant.

pfnguyen@hanhuy.com wrote:
> Full_Name: Perry Nguyen
> Version: 2.3.7
> OS: Linux FC3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> NB: I personally don't care about the manageDSAit control, but it seems JNDI
> requests this control by default, and it causes our code that uses JNDI to
> fail.
> I have no idea what the backend server would be.  My guess would be some version
> of IBM/Tivoli Directory Server.
> Relevant configuration that demonstrates this problem:
> ### Proxy bluepages so we can use its authentication
> ### Glue US and CSDL and our local accounts together
> database        meta
> nretries        forever
> readonly        on
> suffix          "ou=tsso,ou=ecmbi,o=ibm"
> uri             "ldap://bluepages.ibm.com/c=us,ou=tsso,ou=ecmbi,o=ibm"
> suffixmassage   "c=us,ou=tsso,ou=ecmbi,o=ibm" "c=us,ou=bluepages,o=ibm.com"
> #uri             "ldap:///ou=tsso,ou=ecmbi,o=ibm"
> #suffixmassage   "ou=tsso,ou=ecmbi,o=ibm" "ou=Build Accounts,ou=ecmbi,o=ibm"
> database        meta
> readonly        on
> nretries        forever
> suffix          "ou=sso,ou=ecmbi,o=ibm"
> uri             "ldaps://bluepages.ibm.com/c=us,ou=sso,ou=ecmbi,o=ibm"
> suffixmassage   "c=us,ou=sso,ou=ecmbi,o=ibm" "c=us,ou=bluepages,o=ibm.com"
> uri             "ldaps://bluepages.ibm.com/c=cn,ou=sso,ou=ecmbi,o=ibm"
> suffixmassage   "c=cn,ou=sso,ou=ecmbi,o=ibm" "c=cn,ou=bluepages,o=ibm.com"
> uri             "ldap:///ou=sso,ou=ecmbi,o=ibm"
> suffixmassage   "ou=sso,ou=ecmbi,o=ibm" "ou=SSO Stub,ou=ecmbi,o=ibm"
> #uri             "ldap:///ou=sso,ou=ecmbi,o=ibm"
> #suffixmassage   "ou=sso,ou=ecmbi,o=ibm" "ou=Build Accounts,ou=ecmbi,o=ibm"
> subordinate

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
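
The suffix-selection rule described in this message, as a small C model added here for illustration; it is not OpenLDAP's select_backend source and not code from the thread. The function names, the assumption that DNs are already normalized, and the parent database "ou=ecmbi,o=ibm" are assumptions; the other two suffixes come from the quoted configuration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the rule described in the message above.
 * Not OpenLDAP source. DNs are assumed already normalized. */

/* Return 1 if dn equals suffix or lies beneath it. */
static int dn_under(const char *dn, const char *suffix) {
    size_t dl = strlen(dn), sl = strlen(suffix);
    if (sl > dl) return 0;
    if (sl < dl && dn[dl - sl - 1] != ',') return 0; /* must split on an RDN boundary */
    return strcmp(dn + (dl - sl), suffix) == 0;
}

/* Pick the database index (configuration order) for dn, or -1 if none.
 * With manage_dsa_it set, an exactly matching suffix is passed over when
 * a later database holds a superior suffix. */
int model_select(const char *const *suffixes, int n, const char *dn,
                 int manage_dsa_it) {
    for (int i = 0; i < n; i++) {
        if (!dn_under(dn, suffixes[i])) continue;
        if (manage_dsa_it && strcmp(dn, suffixes[i]) == 0) {
            for (int j = i + 1; j < n; j++)
                if (dn_under(dn, suffixes[j])) return j; /* superior database chosen */
        }
        return i;
    }
    return -1;
}

/* Constructed layout: the first two suffixes appear in the quoted
 * configuration; the parent database is an assumption. */
static const char *const DBS[] = {
    "ou=tsso,ou=ecmbi,o=ibm",
    "ou=sso,ou=ecmbi,o=ibm",
    "ou=ecmbi,o=ibm",
};

int main(void) {
    const char *base = "ou=sso,ou=ecmbi,o=ibm";
    printf("plain request    -> db %d\n", model_select(DBS, 3, base, 0));
    printf("with manageDSAit -> db %d\n", model_select(DBS, 3, base, 1));
    return 0;
}
```

In this model the same base DN lands in the subordinate meta database without the control and in the assumed parent database with it, which is the routing change the message identifies as the cause of the bug.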