
(ITS#7577) hdb and mdb dereference aliases differently



Full_Name: Juergen Sprenger
Version: 2.4.35
OS: Gentoo Base System release 2.1, Kernel 3.7.10
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.5.238.18)


mdb dereference aliases problem.

I use aliases to keep information about a person who has multiple accounts
consistent over all accounts and avoid redundancy, example:

dn: uid=joe,ou=Account,dc=its,dc=scom
objectClass: alias
objectClass: extensibleObject
uid: joe
aliasedObjectName: uid=joe,ou=Person,dc=its,dc=scom
structuralObjectClass: alias

When using hdb as backend for slapd everything works fine, and users are
authenticated properly:
# running 'getent passwd' with hdb backend:
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 BIND dn="cn=itsAgent,ou=customerAgent,dc=scom" method=128
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 BIND dn="cn=itsAgent,ou=customerAgent,dc=scom" mech=SIMPLE ssf=0
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=0 RESULT tag=97 err=0 text=
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH base="ou=account,dc=its,dc=scom" scope=1 deref=3 filter="(objectClass=posixAccount)"
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory x-LinuxLoginShell gecos description objectClass
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=656 text=
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 fd=13 closed (connection lost)

When using mdb as backend with same directory content, users are no longer
authenticated, search returns nentries=0:

# running 'getent passwd' with mdb backend:
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 BIND dn="cn=itsAgent,ou=customerAgent,dc=scom" method=128
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 BIND dn="cn=itsAgent,ou=customerAgent,dc=scom" mech=SIMPLE ssf=0
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=0 RESULT tag=97 err=0 text=
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH base="ou=account,dc=its,dc=scom" scope=1 deref=3 filter="(objectClass=posixAccount)"
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory x-LinuxLoginShell gecos description objectClass
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 text=
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 fd=13 closed (connection lost)

Both setups have identical md5sum of slapcat output, so directory content can be
assumed identical in my opinion.
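
Added example, not part of the original report and not OpenLDAP code: a Python check that pairs each SRCH line with its SEARCH RESULT in two slapd log captures and lists alias-dereferencing searches (deref other than 0) that returned entries in the first capture but none in the second. The function names are hypothetical, the sample input is the report's own log lines with wrapped lines rejoined, and a result line without nentries= is assumed to mean zero entries.

```python
import re

# Patterns for the slapd stats-level lines shown in the report (one log entry per line).
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=(\d) filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+)(?: nentries=(\d+))?')

def search_results(log_text):
    """Map (base, scope, deref, filter) -> nentries for every completed search."""
    pending, results = {}, {}
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, deref, flt = m.groups()
            pending[(conn, op)] = (base.lower(), int(scope), int(deref), flt)
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            key = pending.pop((m.group(1), m.group(2)))
            # Assumption: a result line without nentries= counts as zero entries.
            results[key] = int(m.group(4) or 0)
    return results

def deref_regressions(before_log, after_log):
    """Dereferencing searches that returned entries before but none after."""
    before, after = search_results(before_log), search_results(after_log)
    return [(key, before[key], after[key])
            for key in sorted(before.keys() & after.keys())
            if key[2] != 0 and before[key] > 0 and after[key] == 0]

# Sample input: the search lines from the report, wrapped lines rejoined.
HDB_LOG = '''\
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH base="ou=account,dc=its,dc=scom" scope=1 deref=3 filter="(objectClass=posixAccount)"
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn
Apr 24 09:53:54 openldap-dev slapd[19240]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=656 text=
'''
MDB_LOG = '''\
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH base="ou=account,dc=its,dc=scom" scope=1 deref=3 filter="(objectClass=posixAccount)"
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn
Apr 24 10:00:17 openldap-dev slapd[19300]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 text=
'''

if __name__ == "__main__":
    for (base, scope, deref, flt), n_before, n_after in deref_regressions(HDB_LOG, MDB_LOG):
        print(f"{base} scope={scope} deref={deref} {flt}: {n_before} -> {n_after}")
```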