[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6540) test022-ppolicy is flawed, masks serious stability issue

After patching, and using the same configuration as I had when the chain overlay was causing issues with slapcat and
restarting slapd, I now get prompted with a referral instead of it being automatically chased.  However, it does
automatically fill in the DN and password to rebind with:

root@somehost:~# ldapvi -h localhost --bind=simple -D cn=admin,dc=example,dc=com -w `cat /etc/ldap.secret` --discover
    159 entries read

add: 0, rename: 0, modify: 1, delete: 0
Action? [yYqQvVebB*rsf+?] y
Received referral to ldap://ldapmaster.example.com/uid=ryans,ou=Users,dc=example,dc=com.
You are not logged in to ldap://ldapmaster.example.com:389 yet.
Type '!' or 'y' to do so.
Rebind? [y!nB*qQ?] y

--- Login
Type M-h for help on key bindings.

Filter or DN: cn=admin,dc=example,dc=com
    Password: ***********
Bound as cn=admin,dc=example,dc=com.

Before, I never got prompted with this message when using ldapvi, which makes me think that chaining is no longer
working.  For reference, I am using the same configuration as is documented in test022-ppolicy:

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb.la
olcModuleLoad: {1}autogroup.la
olcModuleLoad: {2}syncprov.la
olcModuleLoad: {3}back_ldap.la

dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain

dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://ldapmaster.example.com
olcDbIDAssertBind: bindmethod=simple binddn="cn=admin,dc=example,dc=com" credentials=SECRET mode=self

I am still looking in to what might be causing this to fail.