[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4431) Globally instantiated chaining overlay causes attributes to vanish from the rootDSE
Full_Name: Michael Heep
Version: 2.3.20
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.180.31.25)
I encountered the following phenomenon when experimenting with a globally
instantiated chaining overlay for automatic update referral chasing:
Issueing the following ldapsearch without the overlay instantiated gave
the expected results:
> ldapsearch -D "uid=<xxx>,ou=cno-ldc,ou=people,dc=o2online,dc=de" -b ""
-s base -WxZZLLL "*" "+"
Enter LDAP Password:
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=o2online,dc=de
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
entryDN:
subschemaSubentry: cn=Subschema
After uncommenting the chain directives from my LDAP server's slapd.conf
and running the same ldapsearch again the subschemaSubentry was no longer
included in the ldapsearch output:
> ldapsearch -D "uid=<xxx>,ou=cno-ldc,ou=people,dc=o2online,dc=de" -b ""
-s base -WxZZLLL "*" "+"
Enter LDAP Password:
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
[... same as above ;) ...]
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
I'm using OL 2.3.20 + DBD 4.2.52 with the 4 Patches on RHES30.
Here's an excerpt of my slapd.conf containing the relevant information:
access to attrs=userPassword
by self write
by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" write
by dn.exact="cn=syncreader,dc=o2online,dc=de" read
by anonymous auth
access to attrs=shadowLastChange
by self write
by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" write
by * read
access to *
by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" write
by * read
...
# Chainig overlay for automatic referral chasing (global so it affects
updaterefs!)
overlay chain
chain-uri "ldap://<master ip>:389"
chain-idassert-bind bindmethod=simple binddn="<rootdn>"
credentials=<rootpw> mode=self
chain-tls start
#######################################################################
# BDB database definitions
#######################################################################
database bdb
...