(ITS#5760) attribute hiding in rwm overlay

[brett.maxfield@gmail.com]

Full_Name: Brett Maxfield
Version: 2.4.12 release
OS: Solaris 5.10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (203.18.108.167)


There is a bug that stops rwm-map being used to hide attributes, eg :

database        ldap
suffix          "c=AU"
uri             "ldap://<parent ip>:<parent port>/c=AU"
overlay         rwm
lastmod         off

# attribute maps (ok except for final "rwm-map attribute *" map)
rwm-map attribute cn *
rwm-map attribute sn *
rwm-map attribute mail *
rwm-map attribute c *
rwm-map attribute o *
rwm-map attribute ou *

# does not like this, it stops any entries being returned
#rwm-map attribute *

# objectclass maps (ok)
rwm-map objectclass top *
rwm-map objectclass country *
rwm-map objectclass organization *
rwm-map objectclass organizationalRole *
rwm-map objectclass organizationalPerson *
rwm-map objectclass organizationalUnit *
rwm-map objectclass *

Comment from the openlda-software list..

> I am trying to setup a ldap backend which is a filtered view of
> another larger parent directory, with respect to exposing fewer object
> classes and attributes.
>
> The intent is to present a simpler view of the larger directory, and
> the config below works, except for when i uncomment the line
> containing "rwm-map attribute *", to hide the attributes i do not want
> visible, but after that it stops returning any entries at all for any
> query. So may be there is some important openldap attribute i am
> nuking ?

Yes, I fear that's hiding the objectClass attribute, which is required for
internal operations.  On the other hand, you can't simply tell back-ldap to
preserve that attribute, because mapping objectClass is not allowed.  I suggest
you file an ITS so that this problem can be fixed.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team